I am using PHP version 5.3 and trying to use mysql_real_escape_string($unescaped_string)
in my code, but I get the error:
Fatal error: Call to u
Update as mentioned in comment, mysql_
has been deprecated since 5.5:
The mysql extension has been deprecated since PHP 5.5. The mysqli or PDO extension should be used instead. The deprecation has been decided in mysql_deprecation, where a discussion of the reasons behind this decision can be found.
and removed in PHP 7.
mysql_real_escape_string()
is standard part of MySQL function "batch" and should always work if the extension is loaded correctly.
Does any another mysql_
function work? (It should not)
Make sure, that you have this line uncommented in your php.ini
:
extension=mysql.so
Also it'd be wise to use mysqli or PDO instead (mysql_ is deprecated), they both can take care of escaping for you.