I am using PHP version 5.3 and trying to use mysql_real_escape_string($unescaped_string)
in my code, but I get the error:
Fatal error: Call to u
Maybe your problem resides into the php server config (compiling).
Here more information about the mysql_real_escape_string: http://www.php.net/manual/en/function.mysql-real-escape-string.php
Update as mentioned in comment, mysql_
has been deprecated since 5.5:
The mysql extension has been deprecated since PHP 5.5. The mysqli or PDO extension should be used instead. The deprecation has been decided in mysql_deprecation, where a discussion of the reasons behind this decision can be found.
and removed in PHP 7.
mysql_real_escape_string()
is standard part of MySQL function "batch" and should always work if the extension is loaded correctly.
Does any another mysql_
function work? (It should not)
Make sure, that you have this line uncommented in your php.ini
:
extension=mysql.so
Also it'd be wise to use mysqli or PDO instead (mysql_ is deprecated), they both can take care of escaping for you.
In my case I used mysqli_real_escape_string
instead of mysql_real_escape_string
.
MySQL extension is deprecated since PHP 5.5. mysql_real_escape_string() is therefore not available in PHP 7. This means that user input cannot be escaped correctly and leaves the code open to SQL injection attacks.
The PHP-official solution is to replace ext/mysql with MySQLi, PDO or other supported database extension.
To prevent SQL injection attacks, it is recommended to use prepared statements and parameterized queries when talking to the database.
Interestingly, after exploring all the other solutions here, I realized the problem is actually due to the php5-mysql
extension not having been installed yet - it's not installed by default on a fresh Ubuntu, neither when u install fresh php. So, for me the solution became: install the php5-mysql extension:
sudo apt-get install php5-mysql
After this, I wasn't getting those nasty mysql_* errors again ;-)