发表新帖
发表新帖

mysql_real_escape_string is undefined

前端 未结
关注
5 1920
佛祖请我去吃肉
佛祖请我去吃肉 2020-12-06 10:41

I am using PHP version 5.3 and trying to use mysql_real_escape_string($unescaped_string) in my code, but I get the error:

Fatal error: Call to u
相关标签:
5条回答
  • 借酒劲吻你
    2020-12-06 11:26

    Maybe your problem resides into the php server config (compiling).

    Here more information about the mysql_real_escape_string: http://www.php.net/manual/en/function.mysql-real-escape-string.php

    0 讨论(0)
  • 有刺的猬
    2020-12-06 11:27

    Update as mentioned in comment, mysql_ has been deprecated since 5.5:

    The mysql extension has been deprecated since PHP 5.5. The mysqli or PDO extension should be used instead. The deprecation has been decided in mysql_deprecation, where a discussion of the reasons behind this decision can be found.

    and removed in PHP 7.

    mysql_real_escape_string() is standard part of MySQL function "batch" and should always work if the extension is loaded correctly.

    Does any another mysql_ function work? (It should not)

    Make sure, that you have this line uncommented in your php.ini:

    extension=mysql.so

    Also it'd be wise to use mysqli or PDO instead (mysql_ is deprecated), they both can take care of escaping for you.

    0 讨论(0)
  • 一整个雨季
    2020-12-06 11:35

    In my case I used mysqli_real_escape_string instead of mysql_real_escape_string.

    0 讨论(0)
  • 太阳男子
    2020-12-06 11:39

    MySQL extension is deprecated since PHP 5.5. mysql_real_escape_string() is therefore not available in PHP 7. This means that user input cannot be escaped correctly and leaves the code open to SQL injection attacks.

    The PHP-official solution is to replace ext/mysql with MySQLi, PDO or other supported database extension.

    To prevent SQL injection attacks, it is recommended to use prepared statements and parameterized queries when talking to the database.

    0 讨论(0)
  • 轻奢々
    2020-12-06 11:45

    Interestingly, after exploring all the other solutions here, I realized the problem is actually due to the php5-mysql extension not having been installed yet - it's not installed by default on a fresh Ubuntu, neither when u install fresh php. So, for me the solution became: install the php5-mysql extension:

    sudo apt-get install php5-mysql

    After this, I wasn't getting those nasty mysql_* errors again ;-)

    0 讨论(0)
 看不清?
提交回复
热议问题