Page 1 of 1

mysql_real_escape_string missing in php4

Posted: Sun Sep 17, 2006 8:31 pm
by llimllib
So, I've been out of PHP for a while but it pulled me back in. The server installation of PHP I'm using is of version 4.1.0, which doesn't have the mysql_real_escape_string function installed. I have limited control over the server environment, so I cannot install mysqli or any other shared libraries.

What's the best way to go about properly escaping mysql data? Has somebody ported the mysql_real_escape_string function to pure PHP? Does everyone just use addslashes?

Posted: Sun Sep 17, 2006 11:41 pm
by Burrito
you might try its predecessor mysql_escape_string()...that came in around 4.0 something I think.

Posted: Mon Sep 18, 2006 1:54 am
by aaronhall
>=4.0.3 -- should work

Posted: Mon Sep 18, 2006 3:46 am
by Jenk
You can use this (untested) but it's not as good as the real thing of course..

Code: Select all

if (!function_exists('mysql_real_escape_string')) 
{
    function mysql_real_escape_string($string, $link = null)
    {
        $chars = array(
            "\x00" => "\\x00",
            "\n" => "\\n",
            "\r" => "\\r", 
            "\\"  => "\\\\",
            "'" => "\'",
            '"' => '\"',
            "\x1a" => "\\x1a"
        );

        return str_replace(array_keys($chars), array_values($chars), $string);
    }
}
or rely on addslashes().

Posted: Mon Sep 18, 2006 4:26 am
by aaronhall
mysql_escape_string and mysql_real_escape_string are perfectly identical aside from the second *optional* argument in mysql_real that takes the charset of the connection into account (according to the manual)

Posted: Mon Sep 18, 2006 6:10 am
by llimllib
aaronhall wrote:mysql_escape_string and mysql_real_escape_string are perfectly identical aside from the second *optional* argument in mysql_real that takes the charset of the connection into account (according to the manual)
Sweet... I somehow looked right over that function. Thanks a lot.