mysql real escape string() Isn't Working

Forum Moderators: open

Message Too Old, No Replies

mysql real escape string() Isn't Working

JohnPorier

3:51 pm on Oct 24, 2007 (gmt 0)

I'm using mysql_real_escape_string() to prevent SQL injection, on my previous web server this would escape slashes to the values in my database. I now have a dedicated server and it doesn't seem to be adding the slashes, is something turned off? I'm not sure why there are no slashes.

physics

11:07 pm on Oct 24, 2007 (gmt 0)

Can you post an example line of code where you're calling this?

check magic_quotes_gpc also.

JohnPorier

1:01 am on Oct 25, 2007 (gmt 0)

Here is what I am using:

$type = mysql_real_escape_string($type);

I've also already opened up a MySQL connection with is something I know needs to happen. This code worked on another server, I don't get it.

coopster

2:27 pm on Oct 26, 2007 (gmt 0)

How do you know it is not escaping the string? Also, although it isn't a required parameter, I still use the resource link id when I invoke this function.

$type = mysql_real_escape_string($type, $link_identifier);