Help: weird mysql_real_escape_string() problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
freemink
Forum Newbie
Posts: 2
Joined: Thu Nov 18, 2004 11:36 am

Help: weird mysql_real_escape_string() problem

Post by freemink »

Hi.

Got a weird problem and hope someone can help. I have installed PHP and Apache on my home pc and I have webspace also running php and apache.

PHP Version is 4.3.9 on both systems.

I'm working through a php tutorial and I have got to a section on form data and the function: mysql_real_escape_string()

But on my home systm mysql_real_escape_string() behviour is totally weird. It actually strips out +all+ characters from any string. So the following code:

Code: Select all

<?php
    $var = "hello";
    print "var is $var<br>";
    $var = mysql_real_escape_string( $var );
    print "var is $var<br>";
?>
will produce output (on my home system):

var is [hello]
var is []

and produces the expected output on remote system:
var is [hello]
var is [hello]

I have searched the net for anyone having similar problems and have found nothing. Can anyone shed any light on what is going on? I have tried this in IE 6 and Opera 7. I have tried both magic_quotes_gpc settings. I have checked the encoding of the pages. Just cannot figure it out. HELP!

Thanks for any help,
darrell.

I should have said: I'm running Windows XP Pro SP 2

Weirdan | Help us, help you. Please use

Code: Select all

and

Code: Select all

tags where approriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

to use [php_man]mysql_real_escape_string[/php_man] you should have active connection to MySQL server. If you haven't , use [php_man]mysql_escape_string[/php_man] instead.
freemink
Forum Newbie
Posts: 2
Joined: Thu Nov 18, 2004 11:36 am

Post by freemink »

Thanks for that!

In my defense (in case the RTFM was intended for me):
the manual entry for "mysql_real_escape_string" makes no mention of an "active connection",
the manual entry for "mysql_escape_string" does, but I hadn't come across that function yet.

The tutorial I was working from also uses "mysql_real_escape_string" without a db connection.

PS I will make sure I use php/code tags in future posts.

Thanks for the speedy response :D
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

freemink wrote:Thanks for that!
You're welcome.
In my defense (in case the RTFM was intended for me):
As you can see it's part of my signature, thus it's not aimed at anyone personally. Some people just need that HOWTO, if you know what I mean... :)
the manual entry for "mysql_real_escape_string" makes no mention of an "active connection",
the phrase: " This function will escape special characters in the unescaped_string, taking into account the current character set of the connection" should have given you an idea. If there's no connection, accourding to what charset would this function escape the string?
Post Reply