mysql_real_escape_string not echoing variable [closed]

Question

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.

Closed 8 years ago.

I'm trying to sanitize a variable and am having an issue.

This code outputs the echo correctly:

$to_raw = $_POST['to'] ;
echo $to_raw;

But this returns nothing:

$to_raw = mysql_real_escape_string($_POST['to']) ;
echo $to_raw;

Am I missing something?

Answer 1

The function mysql_real_escape_string doesn't work if you haven't called mysql_connect. Better workaround would be creating a MySQL connection on the top, before calling the mysql_real_escape_string.

mysql_connect("localhost");
$to_raw = mysql_real_escape_string($_POST['to']) ;
echo $to_raw;

Suggestion

It is better to use either PDO or mysqli_* functions compared to mysql_* functions as they are deprecated.