Re: [PHP] mysql_real_escape_string(asdasddas) ??? wtf
On Sat, 2009-02-21 at 19:19 +1300, Tim | iHostNZ wrote: Hi everyone, Can anyone here tell me why mysql_real_escape_string(asdasddas) returns an empty string? Just writing a data import... Anyway, for security but also simply because i might have a ' in the string, i need to escape it. Apparently it is good practice to use mysql_real_escape_string() but it simply doesn't work at all on this machine. I thought it's a rather standard function. Is it maybe my Apache server setup? But i thought the function wouldn't exist then and throw an error in the php script, but it runs through fine. Please help, we need this data import by next week hence i'm working now... I can send you details of the server setup if required. Please let me know what as there are quite a few things... It's xampp on windows xp (testing/dev machine). RTFM: Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used. And turn your error reporting on or check your logs. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] mysql_real_escape_string(asdasddas) ??? wtf
OK, thanks. I think you guys are right. It's just safer and simpler than writing my function and probably not really slower either. need a db connection anyway. Read a bit on the function and yeah, a bit of screwed up binary data might yet cause funny errors although the xml is a feed from a trusted source. You guys are great! Faster with answers than i can search. Almost feel tempted not to search Nah i still search first. :-) Tim-Hinnerk Heuer http://www.ihostnz.com Emo Philips - I was the kid next door's imaginary friend. 2009/2/22 Robert Cummings rob...@interjinn.com On Sat, 2009-02-21 at 19:19 +1300, Tim | iHostNZ wrote: Hi everyone, Can anyone here tell me why mysql_real_escape_string(asdasddas) returns an empty string? Just writing a data import... Anyway, for security but also simply because i might have a ' in the string, i need to escape it. Apparently it is good practice to use mysql_real_escape_string() but it simply doesn't work at all on this machine. I thought it's a rather standard function. Is it maybe my Apache server setup? But i thought the function wouldn't exist then and throw an error in the php script, but it runs through fine. Please help, we need this data import by next week hence i'm working now... I can send you details of the server setup if required. Please let me know what as there are quite a few things... It's xampp on windows xp (testing/dev machine). RTFM: Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used. And turn your error reporting on or check your logs. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP
Re: [PHP] mysql_real_escape_string(asdasddas) ??? wtf
--- Use FreeOpenSourceSoftwares, Stop piracy, Let the developers live. Get a Free CD of Ubuntu mailed to your door without any cost. Visit : www.ubuntu.com -- On Sun, Feb 22, 2009 at 5:35 AM, Tim | iHostNZ t...@ihostnz.com wrote: OK, thanks. I think you guys are right. It's just safer and simpler than writing my function and probably not really slower either. need a db connection anyway. Read a bit on the function and yeah, a bit of screwed up binary data might yet cause funny errors although the xml is a feed from a trusted source. Having concluded with this realization get to read about Security chapters from Zend Certified Engineer Exam Guide Book from phpArchitect. Written by Ben Ramsey and David Shafiq. And you probably know about the term of 're-inventing the wheel'. :) You guys are great! Faster with answers than i can search. Almost feel tempted not to search Nah i still search first. :-) Tim-Hinnerk Heuer http://www.ihostnz.com Emo Philips - I was the kid next door's imaginary friend. 2009/2/22 Robert Cummings rob...@interjinn.com On Sat, 2009-02-21 at 19:19 +1300, Tim | iHostNZ wrote: Hi everyone, Can anyone here tell me why mysql_real_escape_string(asdasddas) returns an empty string? Just writing a data import... Anyway, for security but also simply because i might have a ' in the string, i need to escape it. Apparently it is good practice to use mysql_real_escape_string() but it simply doesn't work at all on this machine. I thought it's a rather standard function. Is it maybe my Apache server setup? But i thought the function wouldn't exist then and throw an error in the php script, but it runs through fine. Please help, we need this data import by next week hence i'm working now... I can send you details of the server setup if required. Please let me know what as there are quite a few things... It's xampp on windows xp (testing/dev machine). RTFM: Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used. And turn your error reporting on or check your logs. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP