Question
I have a problem with mysql real escape string.
https://stackoverflow.com/questions/20980424
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<?php
// Create connection
$con=mysqli_connect("localhost","xxxx","xxxx","xxxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else{ echo"connected";}
?>
Now it echos connection. so this works fine. (I tried adding stuff into the db and that also works fine.
Now I try to do a mysqli_real_escape_string like this:
$email_address = $con->mysqli_real_escape_string($_POST['email']);
But this gives me a error:
Fatal error: Call to undefined method mysqli::mysql_escape_string() in Blabla/blabla.php on line 15
(the line where I call the escape string)
Anyone has any idea what I'm doing wrong?
Solution
Because you don't have your sql in your question here 2 examples:
Object oriented style
$city = $mysqli->real_escape_string($city);
or the procedural style
$city = mysqli_real_escape_string($link, $city);
For more information see this: php.net/mysqli_real_escape_string
Also see Prepare statements this is better than mysqli_real_escape_string php.net/manual/en/mysqli.prepare.php
OTHER TIPS
Change to:
$email_address = $con->real_escape_string($_POST['email']);
Check the manual: http://php.net/mysqli_real_escape_string
