mysql-real-escape-string

PHP, jQuery and .post(): mysql_real_escape_string messes things up.

Hi! I have been tearing my hair with this one for a while. index.php: $(document).ready(function(){ $(".index_login_subm").click(function(){ uid = $("input:username").val(); pwd = $("input:password").val(); $.post("backend/login.php",{ uid:uid, pwd:pwd },function(data){ ...

On form submittal, a tick kills the app. But only in production.

A client just recently moved an application through the stages to production. I set up a testing environment on an "out-of-the-box" LAMP server, and can submit a form with a tick in the textarea. But in production the exact same code dies, but doesn't even execute the "or die();". I mysql_real_escape_string the input, which is why it w...

mysqli real_escape_string problem

When I'm inserting to the database on my dev server the text goes in fine, for example "that's" is "that's" in the db. When uploading the exact same code to production server (hosted on a reseller account at bluehost) "that's" becomes "that\'s". I'm not double escaping, it's exactly the same code, what could be the issue here? ...

Decoding mysql_real_escape_string() for outputting HTML

I'm trying to protect myself from sql injection and am using: mysql_real_escape_string($string); When posting HTML it looks something like this: <span class="\&quot;className\&quot;"> <p class="\&quot;pClass\&quot;" id="\&quot;pId\&quot;"></p> </span> I'm not sure how many other variations real_escape_string adds so don't want to j...

apostrophe in mysql/php

I'm trying to learn php/mysql. Inserting data into mysql works fine but inserting those with apostrophe is generating an error. I tried using mysql_real_escape_string, yet this doesn't work. Would appreciate any help. <?php include 'config.php'; echo "Connected <br />"; $auth = $_POST['author']; $quo = $_POST['quote']; $author...

Does using magic_quotes() affect the use of mysql_real_escape_string()

If I have magic_quotes switched on and I use mysql_real_escape_string, will the string be double escaped? Will it cause problems? I assume so based on the get_magic_quotes() function but just seeking confirmation. (PS it's easier to ask this question than test it in my office with all the security we have in place - It takes me 10-15 to...

MySQL escape string help

I have a pretty large insert statement something like INSERT INTO multimedia (filename, regex, flag) VALUES (('adsfavr.jpg', '<div id="title">', 0), (...), (...)); How do I prepare the query for MySQL? It's too long to do it manually. It includes double quotes so I can't use the php function mysql_real_escape_string() ...

mysql_real_escape_string is storing the data in the database along with backslashes

When I am using mysql_real_escape_string on my unescaped strings the data in the database is storing with the backslashes which should not happen. I have magic_quotes_gpc OFF, not sure why this is happening. Any idea? Is there any setting in the mysql database which needs to be modified? I am not using addslashes anywhere in the code...

mysql_real_escape more than once

I was just wondering whether it makes a difference if I mysql_real_escape data more than once? So if I escaped data in one part of my website, and then again in another part of code. Would this be a problem? Or make a difference? ...

mysql_real_escape_string() just makes an empty string?

I am using a jQuery AJAX request to a page called like.php that connects to my database and inserts a row. This is the like.php code: <?php // Some config stuff define(DB_HOST, 'localhost'); define(DB_USER, 'root'); define(DB_PASS, ''); define(DB_NAME, 'quicklike'); $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die('ERROR: ' . m...

Do I need to use mysql_real_escape_string on database data for re-insert?

Hello and thanks in advance. I am retrieving data from the db. The data already went through mysql_real_escape_string when it was added to the db. Once retrieved I am comparing it to a raw variable and depending upon the result I may be re-inserting the original db data back into the db into another, different, field. My question is, ...

my GET variable is being escaped?

I'm really confused here, can someone explain this to me? request: http://example.com/test.php?var=String's $a = $_GET["var"]; $b = "String's"; echo $a . "<br/>"; echo $b . "<br/>"; $output = mysql_real_escape_string($a); $output = mysql_real_escape_string($b); echo "<hr/>"; echo $a . "<br/>"; echo $b . "<br/>"; result: String\'...

Mysql Escape String Youtube Embed Code Not Working

I'm trying to do one thing and one thing only. $embedCode = mysql_real_escape_string('<object width="270" height="227"><param name="movie" value="http://www.youtube.com/v/pz-VWi5-tGA?fs=1&amp;hl=en_US&amp;rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always">...

PHP Protect query from mysql Injection.

How can I add mysql_real_escape_string() to this: $result = mysql_send("INSERT customers SET user='$username', pword='$pass1', firstname='$firstname', lastname='$lastname', email='$email', active='No', activecode='$activecode', dateofbirth='$dateofbirth', gender='$ge...

Undefined function with mysql_escape

I am receiving the following error when trying to use mysql_real_escape() function: Fatal error: Call to undefined function mysql_real_escape() in /var/www/registration/index.php on line 169. What is wrong??? $result = mysql_send("INSERT customers SET user= $username, pword= ...

Validating user input?

Hi, I am very confused over something and was wondering if someone could explain. In PHP I validate user input so htmlentities, mysql_real_escape_string is used before inserting into database, not on everything as I do prefer to use regular expressions when I can although I find them hard to work with. Now obviously I will use mysql_r...

Transactions using mysql_real_escape_string

Working with MySQL lately, from PHP, I am wondering about this: What is the performance impact of using mysql_real_escape_string() multiple times in a script? Is it worth trying to reduce the number of calls to this function for a given script? Does it determine the character set of the connection each time it is called, or this value is...

mysql_escape_string VS mysql_real_escape_string

So this is something we all should know about, and played on my mind when I first saw it. I know that mysql_escape_string is deprecated from 5.3 but what was the actual difference in mysql_real_escape_string. What I thought was that mysql_real_escape_string is the exact same as mysql_escape_string apart from mysql_real_escape_string...

mysql_real_escape_string ISSUE

If I type ' into my search bar I get a mysql error as the "string" has not been escaped, I think. But the reason why I can't escape it is because I don't think it currently is a string. The search box generates search results dynamically with ajax; it is as I type and it finds the results that I get the error: You have an err...

Can't use mysql_real_escape_string

So, I'm getting this warning when using mysql_real_escape_string Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'username'@'localhost' (using password: NO) in /home/path/php/functions.php on line 11 The rest of the site works fine, connects to the DB and all, but I get an error when usi...