Page 1 of 1

mysql_real_escape_string causing strange errors

Posted: Thu Mar 08, 2007 9:15 am
by jolinar
Here's the problem, I'm trying to "clean" user input with mysql_real_escape_string(), for some reason, it's destroying all variables it touches. Here is a simplified version of the code I'm using:

Code: Select all

$connector = new DbConnector($dbuser,$dbpass,$dbname);
foreach($_GET as &$tmp) {
	$tmp=$connector->escape_string($tmp);
	//print $tmp;
}
With the database code here:

Code: Select all

<?php

class DbConnector {
 	
	var $dbUser;
	var $dbPass;
	var $dbHost;
	var $database;
 	
	var $connector;
 	
	function DbConnector($user,$pass,$base) {

 		$this->dbUser = $user; //default guest account
 		$this->dbPass = $pass;
 		$this->database = $base;
		$this->connect();
 	}
 	
	function connect() {
		//$connector = mysql_connect(localhost,$this->dbUser,$this->dbPass);
		$connector = mysql_connect("webdev",$this->dbUser,$this->dbPass);
 		
		if(!$connector) {
			echo "<h3>DB Connection Error</h3>\n";
			print "<p>Error Code 007</p>\n";
			echo mysql_error();
			exit;
		}
		else {
			mysql_select_db($this->database, $connector);
			if(!mysql_select_db($this->database, $connector)) {
				print "<h3>Unable To Select Database, You Have No Rights Scumbag!</h3>\n";
				print "<p>Error Code: 008</p>\n";
				echo mysql_error();
				exit;
			}
		}
	}
 	
//skip through
 	

	function escape_string($input) {
		return mysql_real_escape_string($input,$connector);
	}
}
?>
Can anyone help with this?

Posted: Thu Mar 08, 2007 9:51 am
by volka
Run the script with error_reporting(E_ALL);

$connector and $this->connector are two different variables in two different scopes, you want the latter.

Posted: Fri Mar 09, 2007 6:51 am
by jolinar
Problem's fixed now. I needed to change the escape_string function to this:

Code: Select all

function escape_string($input) {
		return mysql_real_escape_string($input);
	}
Works on my dev box and main site.

Posted: Fri Mar 09, 2007 7:05 am
by Jenk
Your references to $connector should be $this->connector.