1

The code works fine if I don't use the mysql_real_escape_string function. But the function is returning nothing! I read that the problem may be due to the fact that I do not have a mysql connection but that does not seem to be the case!

Please help!

<?php
$con=mysqli_connect("localhost","root","pwd","mysql");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$title = mysqli_real_escape_string($_POST["title"]);
$comment = mysqli_real_escape_string($_POST["comment"]);
$type = $_POST["type"];
$time = date("Y-m-d H:i:s");


$sql="INSERT INTO posts
VALUES
('','$type','$time','$time','$title','$comment','0','0','0','0','0')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }



mysqli_close($con);
header ("location: index.php");
?>
Improve this question
1
  • Why do you escape $_POST["title"] but not $_POST["type"]? Commented Jul 24, 2013 at 16:24

3 Answers 3

Reset to default
9

You need to pass the connection to the function

$title = mysqli_real_escape_string($con, $_POST["title"]);
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

ya I know, I had to wait 8 minutes before I could accept it :)
2

According to http://php.net/manual/en/mysqli.real-escape-string.php you need to pass two parameters unless you are using the object oriented style.You should be using the format:

mysqli_real_escape_string ( $link , $escapestr )

Where $link is: A link identifier returned by mysqli_connect() or mysqli_init()

And $escapestr is: The string to be escaped. Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z.

Improve this answer

Comments

0

php.net says
Procedural style
mysqli_real_escape_string ( mysqli $link , string $escapestr )
So you will need to add your $con to it:
$title = mysqli_real_escape_string($con, $_POST["title"]);

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.