Mysql_real_escape_string undefined

Question

Mysql_real_escape_string undefined

I am using PHP version 5.3 and trying to use mysql_real_escape_string($unescaped_string) in my code, but I get an error:

 Fatal error: Call to undefined function mysql_real_escape_string() in /var/www/engine/database.php on line 38

I can still connect to the database. Why is it unavailable?

I am using PHP version 5.3.

+8

php mysql ubuntu

Michaelh Dec 13 '12 at 9:20

source share

4 answers

Interestingly, after studying all the other solutions here, I realized that the problem is that the php5-mysql extension is not installed yet - it is not installed by default on new Ubuntu, nor when installing new php. So, for me, the solution was: install the php5-mysql extension:

 sudo apt-get install php5-mysql

After that I did not get these nasty mysql_ * errors, -)

+1

nemesisfixx Jul 24 '15 at 8:49

source share

Perhaps your problem is the php server configuration (compilation).

Here is more information about mysql_real_escape_string: http://www.php.net/manual/en/function.mysql-real-escape-string.php

0

shinosn Dec 13 '12 at 9:32

source share

The MySQL extension has been deprecated since PHP 5.5. Therefore, mysql_real_escape_string () is not available in PHP 7. This means that user input cannot be escaped correctly and leaves the code open for SQL injection.

The official PHP solution to replace ext / mysql with MySQLi, PDO or another supported database extension.

To prevent SQL injection attacks, it is recommended that you use prepared statements and parameterized queries when talking to the database.

0

Kristoffer bohmann Feb 21 '16 at 13:15

source share

Vyktor · Accepted Answer · 2012-12-13T09:24:07+0000

Update , as pointed out in comment , mysql_ been deprecated since version 5.5 :

The mysql extension has been deprecated since PHP 5.5. Instead, use the mysqli or PDO extension. The deviation was accepted in mysql_deprecation , where you can find a discussion of the reasons for this decision.

and removed in PHP 7 .

mysql_real_escape_string() is a standard part of MySQL "batch" and should always work if the extension is loaded correctly.

Does any other mysql_ function mysql_ ? (It should not be)

Make sure you have this line uncommented in php.ini :

 extension=mysql.so

It would also be wise to use mysqli or PDO instead ( mysql_ deprecated ), they both can take care of the escape for you.

Mysql_real_escape_string undefined

More articles: