1

I'm using PHP Version 5.1.6 and trying to escape a query string from my $_GET array. However my script is returning a NULL after it's escaped.

It seems that mysql_escape_string() works fine, but it's deprecated, so I don't want to use it.

Having checked over the phpinfo() the MySQL lib is all loaded fine from what I can see. Has anyone experienced this kind of thing before?

$term = $_GET['q'];

var_dump($term); // string(7) "richard" 
echo "<br />";

$sterm = mysql_real_escape_string($term, $db);

var_dump($sterm); // NULL

It's very strange to me, I can't imagine why this function wouldn't work.

Improve this question

1 Answer 1

Reset to default
11

Are you sure you have a MySQL connection running? That is a requirement for mysql_real_escape_string() to work:

Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If $link_identifier isn't defined, the last MySQL connection is used.

Improve this answer
2
  • 1
    Wouldn't that mean that var_dump() would return FALSE rather than NULL ? I'm also following it with a MySQL query, which is running okay on the same var $db
    – David Yell
    Commented May 18, 2010 at 11:12
  • 1
    Turns out there is a bug in the MySQL class in this project! It only connects when you run a query, so I've had to force a connection and pass that into the function.
    – David Yell
    Commented May 18, 2010 at 11:19

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.