Page 1 of 1
mysql_real_escape_string and $_GET
Posted: Mon Aug 03, 2009 1:23 am
by petrosa
Hello,
i have a problem with my webpage, i want to use mysql_real_escape_string() on a $_GET variable, but when i use mysql_real_escape_string($_GET['var']) , i dont get the GET variable, i only get a blank.
This has been bugging me all day, any help would be appreciated
Thanks in advance
Re: mysql_real_escape_string and $_GET
Posted: Mon Aug 03, 2009 2:05 am
by bala_1225
hi,
<?
$string = $_GET['var'];
echo mysql_real_escape_string($string);
?>
try this one.....

Re: mysql_real_escape_string and $_GET
Posted: Mon Aug 03, 2009 2:07 am
by bala_1225
<?php
$string = $_GET['var'];
$string = mysql_real_escape_string($string);
$query = "INSERT INTO `table` (`string`) VALUES ('$string')";
?>
Also, Try this method......

Re: mysql_real_escape_string and $_GET
Posted: Mon Aug 03, 2009 2:09 am
by petrosa
bala_1225 wrote:hi,
<?
$string = $_GET['var'];
echo mysql_real_escape_string($string);
?>
try this one.....

i tried that, but still i have the same problem...
echo $string; --> works fine
echo mysql_real_escape_string($string); -->doesnt work
Re: mysql_real_escape_string and $_GET
Posted: Mon Aug 03, 2009 4:52 am
by bala_1225
hi,
<?
$string = $str;
//$str --- from database only then only it will work...........
echo mysql_real_escape_string($string);
?>
try this one.....

Re: mysql_real_escape_string and $_GET
Posted: Mon Aug 03, 2009 6:21 am
by petrosa
bala_1225 wrote:hi,
<?
$string = $str;
//$str --- from database only then only it will work...........
echo mysql_real_escape_string($string);
?>
try this one.....

That didnt work either... did some more research, and it seems that mysql_real_escape_string(); needs to have a connection to the database first to work, so i just moved my connection at the start and voila
Thanks for the responces
Re: mysql_real_escape_string and $_GET
Posted: Mon Aug 03, 2009 7:55 am
by jackpf
Yes, you need a connection to the mysql server in order to use mysql_real_escape_string().
If you turn on error reporting you should get an error about not being connected to a database or something.