mysql_real_escape_string causing strange errors

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
jolinar
Forum Commoner
Posts: 61
Joined: Tue May 24, 2005 4:24 pm
Location: in front of computer

mysql_real_escape_string causing strange errors

Post by jolinar »

Here's the problem, I'm trying to "clean" user input with mysql_real_escape_string(), for some reason, it's destroying all variables it touches. Here is a simplified version of the code I'm using:

Code: Select all

$connector = new DbConnector($dbuser,$dbpass,$dbname);
foreach($_GET as &$tmp) {
	$tmp=$connector->escape_string($tmp);
	//print $tmp;
}
With the database code here:

Code: Select all

<?php

class DbConnector {
 	
	var $dbUser;
	var $dbPass;
	var $dbHost;
	var $database;
 	
	var $connector;
 	
	function DbConnector($user,$pass,$base) {

 		$this->dbUser = $user; //default guest account
 		$this->dbPass = $pass;
 		$this->database = $base;
		$this->connect();
 	}
 	
	function connect() {
		//$connector = mysql_connect(localhost,$this->dbUser,$this->dbPass);
		$connector = mysql_connect("webdev",$this->dbUser,$this->dbPass);
 		
		if(!$connector) {
			echo "<h3>DB Connection Error</h3>\n";
			print "<p>Error Code 007</p>\n";
			echo mysql_error();
			exit;
		}
		else {
			mysql_select_db($this->database, $connector);
			if(!mysql_select_db($this->database, $connector)) {
				print "<h3>Unable To Select Database, You Have No Rights Scumbag!</h3>\n";
				print "<p>Error Code: 008</p>\n";
				echo mysql_error();
				exit;
			}
		}
	}
 	
//skip through
 	

	function escape_string($input) {
		return mysql_real_escape_string($input,$connector);
	}
}
?>
Can anyone help with this?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Run the script with error_reporting(E_ALL);

$connector and $this->connector are two different variables in two different scopes, you want the latter.
User avatar
jolinar
Forum Commoner
Posts: 61
Joined: Tue May 24, 2005 4:24 pm
Location: in front of computer

Post by jolinar »

Problem's fixed now. I needed to change the escape_string function to this:

Code: Select all

function escape_string($input) {
		return mysql_real_escape_string($input);
	}
Works on my dev box and main site.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Your references to $connector should be $this->connector.
Post Reply