1

I'm using PHP Version 5.1.6 and trying to escape a query string from my $_GET array. However my script is returning a NULL after it's escaped.

It seems that mysql_escape_string() works fine, but it's deprecated, so I don't want to use it.

Having checked over the phpinfo() the MySQL lib is all loaded fine from what I can see. Has anyone experienced this kind of thing before?

$term = $_GET['q'];

var_dump($term); // string(7) "richard" 
echo "<br />";

$sterm = mysql_real_escape_string($term, $db);

var_dump($sterm); // NULL

It's very strange to me, I can't imagine why this function wouldn't work.

Improve this question

1 Answer 1

Reset to default
11

Are you sure you have a MySQL connection running? That is a requirement for mysql_real_escape_string() to work:

Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If $link_identifier isn't defined, the last MySQL connection is used.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Wouldn't that mean that var_dump() would return FALSE rather than NULL ? I'm also following it with a MySQL query, which is running okay on the same var $db
Turns out there is a bug in the MySQL class in this project! It only connects when you run a query, so I've had to force a connection and pass that into the function.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.