Page 1 of 1

mysql_real_escape_string and $_GET

Posted: Mon Aug 03, 2009 1:23 am
by petrosa
Hello,

i have a problem with my webpage, i want to use mysql_real_escape_string() on a $_GET variable, but when i use mysql_real_escape_string($_GET['var']) , i dont get the GET variable, i only get a blank.

This has been bugging me all day, any help would be appreciated

Thanks in advance

Re: mysql_real_escape_string and $_GET

Posted: Mon Aug 03, 2009 2:05 am
by bala_1225
hi,

<?
$string = $_GET['var'];
echo mysql_real_escape_string($string);
?>
try this one..... :lol:

Re: mysql_real_escape_string and $_GET

Posted: Mon Aug 03, 2009 2:07 am
by bala_1225
<?php
$string = $_GET['var'];

$string = mysql_real_escape_string($string);

$query = "INSERT INTO `table` (`string`) VALUES ('$string')";

?>

Also, Try this method...... :D

Re: mysql_real_escape_string and $_GET

Posted: Mon Aug 03, 2009 2:09 am
by petrosa
bala_1225 wrote:hi,

<?
$string = $_GET['var'];
echo mysql_real_escape_string($string);
?>
try this one..... :lol:
i tried that, but still i have the same problem...

echo $string; --> works fine
echo mysql_real_escape_string($string); -->doesnt work

Re: mysql_real_escape_string and $_GET

Posted: Mon Aug 03, 2009 4:52 am
by bala_1225
hi,

<?
$string = $str; //$str --- from database only then only it will work...........
echo mysql_real_escape_string($string);
?>
try this one..... :lol:

Re: mysql_real_escape_string and $_GET

Posted: Mon Aug 03, 2009 6:21 am
by petrosa
bala_1225 wrote:hi,

<?
$string = $str; //$str --- from database only then only it will work...........
echo mysql_real_escape_string($string);
?>
try this one..... :lol:
That didnt work either... did some more research, and it seems that mysql_real_escape_string(); needs to have a connection to the database first to work, so i just moved my connection at the start and voila :)

Thanks for the responces

Re: mysql_real_escape_string and $_GET

Posted: Mon Aug 03, 2009 7:55 am
by jackpf
Yes, you need a connection to the mysql server in order to use mysql_real_escape_string().

If you turn on error reporting you should get an error about not being connected to a database or something.