mysql_real_escape_string?

nefus · 02-03-2009, 07:50 PM

Heya guys. I am truly puzzled by mysql_real_escape_string.

From what I understand you need to make a database connection before the function will work. I think that I'm doing this.

Code:

$link = mysqli_connect( $sql_server, $sql_user , $sql_password ) or die ('Unable to connect to server.'. mysqli_error());

mysqli_select_db( $link, $sql_database ) or die ('Unable to select database.'. mysqli_error());

$username 	= mysql_real_escape_string($username, $link);
$password 	= mysql_real_escape_string($password);

The $username line gives me error:
Warning: mysql_real_escape_string() expects parameter 2 to be resource...

The $password line gives me another error.
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in...

I would think one of these would work, suggestions??

Krik · 02-03-2009, 08:09 PM

Not sure if this is relevant but on the second error with the password that reference to ODBC makes me wonder if you are using a sql database at all. And in particular a MySQL database.

Village Idiot · 02-03-2009, 08:38 PM

Both errors would suggest that the MySql connection is invalid.

nefus · 02-03-2009, 08:55 PM

Actually a quick test without the mysql_real_escape_string() demonstrated that it worked fine. Data was injected correctly into the database.

nefus · 02-03-2009, 09:07 PM

Well, I found the problem.

It should be:
$username = mysqli_real_escape_string($link, $username);

Not:
$username = mysql_real_escape_string($username, $link);

The first statements were mysqli so that was a mistake on my part. The odd thing is that $link comes first with mysqli and second with mysql.

Village Idiot · 02-04-2009, 12:23 AM

It might be to make sure you can't accidentally pass one off as the other because they look almost identical.

Wildhoney · 02-04-2009, 01:47 AM

Do you have to specify the link in most of the mysqli_ functions? My thinking is that MySQLi has the link parameter first because that is essential for MySQLi to work correctly. In the mysql_ functions it didn't matter too much if you didn't specify the link because if only one connection was open, then that was obviously the default.

My question, why is the link parameter essential for MySQLi?

Salathe · 02-04-2009, 10:50 AM

My question, why use the global functions when the OO approach is much prettier?

Rainman · 02-19-2013, 05:25 AM

Welcome to mmoggg website to buy RS Gold, offer a lot, of course, Diablo 3 Gold and Cheap RS Gold, to be purchased at any time, at any time shipment, and Diablo 3 Gold Kaufen look forward to your visit!