Page 1 of 1

Help: weird mysql_real_escape_string() problem

Posted: Thu Nov 18, 2004 11:48 am
by freemink
Hi.

Got a weird problem and hope someone can help. I have installed PHP and Apache on my home pc and I have webspace also running php and apache.

PHP Version is 4.3.9 on both systems.

I'm working through a php tutorial and I have got to a section on form data and the function: mysql_real_escape_string()

But on my home systm mysql_real_escape_string() behviour is totally weird. It actually strips out +all+ characters from any string. So the following code:

Code: Select all

<?php
    $var = "hello";
    print "var is $var<br>";
    $var = mysql_real_escape_string( $var );
    print "var is $var<br>";
?>
will produce output (on my home system):

var is [hello]
var is []

and produces the expected output on remote system:
var is [hello]
var is [hello]

I have searched the net for anyone having similar problems and have found nothing. Can anyone shed any light on what is going on? I have tried this in IE 6 and Opera 7. I have tried both magic_quotes_gpc settings. I have checked the encoding of the pages. Just cannot figure it out. HELP!

Thanks for any help,
darrell.

I should have said: I'm running Windows XP Pro SP 2

Weirdan | Help us, help you. Please use

Code: Select all

and

Code: Select all

tags where approriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Posted: Thu Nov 18, 2004 12:13 pm
by Weirdan
to use [php_man]mysql_real_escape_string[/php_man] you should have active connection to MySQL server. If you haven't , use [php_man]mysql_escape_string[/php_man] instead.

Posted: Thu Nov 18, 2004 12:55 pm
by freemink
Thanks for that!

In my defense (in case the RTFM was intended for me):
the manual entry for "mysql_real_escape_string" makes no mention of an "active connection",
the manual entry for "mysql_escape_string" does, but I hadn't come across that function yet.

The tutorial I was working from also uses "mysql_real_escape_string" without a db connection.

PS I will make sure I use php/code tags in future posts.

Thanks for the speedy response :D

Posted: Thu Nov 18, 2004 1:59 pm
by Weirdan
freemink wrote:Thanks for that!
You're welcome.
In my defense (in case the RTFM was intended for me):
As you can see it's part of my signature, thus it's not aimed at anyone personally. Some people just need that HOWTO, if you know what I mean... :)
the manual entry for "mysql_real_escape_string" makes no mention of an "active connection",
the phrase: " This function will escape special characters in the unescaped_string, taking into account the current character set of the connection" should have given you an idea. If there's no connection, accourding to what charset would this function escape the string?