So, I've been out of PHP for a while but it pulled me back in. The server installation of PHP I'm using is of version 4.1.0, which doesn't have the mysql_real_escape_string function installed. I have limited control over the server environment, so I cannot install mysqli or any other shared libraries.
What's the best way to go about properly escaping mysql data? Has somebody ported the mysql_real_escape_string function to pure PHP? Does everyone just use addslashes?
mysql_real_escape_string missing in php4
Moderator: General Moderators
You can use this (untested) but it's not as good as the real thing of course..
or rely on addslashes().
Code: Select all
if (!function_exists('mysql_real_escape_string'))
{
function mysql_real_escape_string($string, $link = null)
{
$chars = array(
"\x00" => "\\x00",
"\n" => "\\n",
"\r" => "\\r",
"\\" => "\\\\",
"'" => "\'",
'"' => '\"',
"\x1a" => "\\x1a"
);
return str_replace(array_keys($chars), array_values($chars), $string);
}
}