mysql_real_escape_string not working on jquery load

Question

This is very strange, but when I add the mysql_real_escape_string it doesn't load the page, this is the code that I load like this:

$('.abandalink').click(function(){  
    var codigo_membro = $(this).attr('codigomembro');
    $('#change').load('membrosbanda.php?codigo='+codigo_membro); 
});

And this is the membrosbanda.php

$id=$_GET['codigo']; 
$conexion=mysql_connect(HOSTNAME,USER,PW) or  die("Problemas en la conexion");
mysql_select_db("bandasideral4",$conexion)  
  or  die("Problemas en la selección de la base de datos");
$registros=mysql_query("SELECT * FROM abanda where codigo='$codigo'") or
  die("Problemas en el select:".mysql_error());

if I add $id=$_GET['codigo']; to $id = mysql_real_escape_string($_GET['codigo']); it stops working

Answer 1

You need to connect to a database first, before that mysql_real_escape_stringis not available.

From the manual:

Note:

A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.

Answer 2

If you puts codigo in $id, your sql must be SELECT * FROM abanda where codigo='$id'

a better style would be this: $id_s =mysql_real_escape_string($_GET['codigo']);

So you have all your *_s variables being escaped for sql stuff, and all normal variables being tainted data.