6

I'm using mysqli_real_escape_string() on an email address, and it returns an empty string. It does this with any email address.

<?php
//from previous page - submitted by user.
$_POST['email']="[email protected]";
$_POST['password']='mypass1234';




//Link, I can verify it works.
$mysql_info=array(
     "url"=>"url",
     "username"=>"username",
     "password"=>"password",
     "database"=>"database"
);
$link=mysqli_connect($mysql_info['url'],$mysql_info['username'],$mysql_info['password'],$mysql_info['database']);


//Now I attempt to sanitize the user input.
$email=mysqli_real_escape_string($link,$_POST['email']);
$password=sha1(mysqli_real_escape_string($link,$_POST['password']));
var_dump($email);
var_dump($password);?>

My table's collation is "latin1_swedish_ci".

4
  • Sorry, my question is: Why does this return an empty string, and what can I do to fix it? Commented Mar 4, 2013 at 3:21
  • Could you please add error handling to your code? Commented Mar 4, 2013 at 3:22
  • You mean like error_reporting(E_ALL);? Already did. Nothing. Commented Mar 4, 2013 at 3:25
  • Please follow the error handler for checking the connection in my answer below. Commented Mar 4, 2013 at 3:28

2 Answers

9

If your connection is empty ($link), it will return an empty string. I tested this and it worked fine. I would recommend that you add error handling to your connection and enable error reporting.

<?php
$link = mysqli_connect("localhost", "root", "root", "test");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$_POST['email'] = "[email protected]";

$email = mysqli_real_escape_string($link, $_POST['email']);

var_dump($email);

mysqli_close($link);
?>

Result

string(17) "[email protected]"

4 Comments

Turns out my web host changed the socket's location without telling me. Thanks.
It's always best to implement an error handler. In this case, it would have pointed you to the connection.
I had one implemented, then took it out for production.
You can turn on/off error reporting in the script so that when it goes into production you can disable it.
-1

I had this problem and found that my character set was set to latin. Solved by putting

$con->set_charset("utf8");

before the real_escape_string. Would be mysqli_set_charset in procedural style.
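The two answers above combined into one fail-closed connection routine, as an added example that is not code from either poster: it makes mysqli throw on a failed connect, logs the cause instead of displaying it, and sets the connection charset before escaping. The helper name `db_connect`, the host and credentials, and the choice of `utf8mb4` are assumptions for illustration.

```php
<?php
// Added example: refuse to escape or query against a dead connection.
// Host, credentials and database name are placeholders (assumptions).

// Throw mysqli_sql_exception on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Production-safe reporting: record everything, show nothing to visitors.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Hypothetical helper: returns a ready connection or null on failure.
function db_connect(string $host, string $user, string $pass, string $db): ?mysqli
{
    try {
        $link = mysqli_connect($host, $user, $pass, $db);
        // real_escape_string escapes according to the connection charset,
        // so set it first. utf8mb4 is assumed here; match your schema.
        mysqli_set_charset($link, 'utf8mb4');
        return $link;
    } catch (mysqli_sql_exception $e) {
        // The real cause (for example a moved socket) goes to the server
        // log only, never into the HTTP response.
        error_log('DB connect failed: ' . $e->getMessage());
        return null;
    }
}

$link = db_connect('127.0.0.1', 'username', 'password', 'database');
if ($link === null) {
    // Stop here: continuing would store or compare empty/unescaped values.
    http_response_code(503);
    exit('Service temporarily unavailable.');
}

$email = mysqli_real_escape_string($link, $_POST['email'] ?? '');
var_dump($email);

mysqli_close($link);
```

Run with no database listening on the placeholder host, this takes the failure branch: the connection error is written to the PHP error log and the script exits with a 503 instead of returning an empty escaped string.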
