mysql_real_escape_string is undefined
Update as mentioned in comment, mysql_
has been deprecated since 5.5:
The mysql extension has been deprecated since PHP 5.5. The mysqli or PDO extension should be used instead. The deprecation has been decided in mysql_deprecation, where a discussion of the reasons behind this decision can be found.
and removed in PHP 7.
mysql_real_escape_string()
is standard part of MySQL function "batch" and should always work if the extension is loaded correctly.
Does any another mysql_
function work? (It should not)
Make sure, that you have this line uncommented in your php.ini
:
extension=mysql.so
Also it'd be wise to use mysqli
or PDO
instead (mysql_
is deprecated), they both can take care of escaping for you.
Call to undefined function mysql_real_escape_string()
Try using:
$link = mysqli_connect("127.0.0.1", "my_user", "my_password", "my_db");
$value = trim($_POST['image']);
$value = mysqli_real_escape_string($link, $value);
mysqli_close();
Since new php version mysqli is used instead of mysql.
Notice the letter "i".
Where $link stands for the mysqli_connect.
Uncaught Error: Call to undefined function mysql_escape_string()
To help you out here... (too long for a comment)
Your require("config.php");
should contain the following:
Sidenote: Use the proper settings for your host.
$link = mysqli_connect("localhost", "username", "mpassword", "database") or die($link);
Then changing your escape functions to use the mysqli_
version of it and passing the connection parameter to it:
$name = mysqli_real_escape_string($link, $_POST['name']);
$lname = mysqli_real_escape_string($link, $_POST['lname']);
$uname = mysqli_real_escape_string($link, $_POST['uname']);
$email1 = mysqli_real_escape_string($link, $email1);
$email2 = mysqli_real_escape_string($link, $email2);
$pass1 = mysqli_real_escape_string($link, $pass1);
$pass2 = mysqli_real_escape_string($link, $pass2);
Again, same thing for the query. Using the i
version and passing connection to it as the first parameter.
mysqli_query($link, "INSERT INTO ...
Check for errors on your query using mysqli_error($link);
So you could modify the query to read as
$query = mysqli_query($link, "INSERT INTO ...
and doing
if(!$query){
echo "Error: " . mysqli_error($link);
}
Also read the following on Stack in regards to API mixing:
- Can I mix MySQL APIs in PHP?
- You can't.
mysql_
withmysqli_
or PDO etc. do NOT intermix together. You must use the same one from connecting to querying.
Footnotes.
Passwords
I also noticed that you may be storing passwords in plain text. This is not recommended. If you intend on going LIVE with this at some point, do NOT store passwords as plain text in your database.
Consult the following.
- CRYPT_BLOWFISH
crypt()
bcrypt()
scrypt()
- On OPENWALL
- PBKDF2
- PBKDF2 on PHP.net
- PHP 5.5's
password_hash()
function. - Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/
Other links:
- PBKDF2 For PHP
Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in
The mysql_
API is obsolete and has been removed from PHP (in favour of PDO and mysqli_
).
You are using PDO though, so you should use the PDO method to defend against SQL Injection, which you already are:
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
is sufficient to defend against SQL injection.
Fatal Error: Uncaught error Call to undefined function mysql_real_escape_string() HTML/PHPMYADMIN
I recommend to use mysqli
(replace mysql
with mysqli
in your code) and to connect to your database with a variable.
Like this:
$db = mysqli_connect("localhost", "username", "", "database");
Then you have to put $db
in your mysqli_query
as a parameter.
Here is an example:
$result = mysqli_query($db, "select * from login where username='$username' and password='$password'");
Error with mysql_real_escape_string()
mysql_ has been deprecated since 5.5:
The mysql extension has been deprecated since PHP 5.5. The mysqli or PDO extension should be used instead. The deprecation has been decided in mysql_deprecation, where a discussion of the reasons behind this decision can be found.
and removed in PHP 7.
mysql_real_escape_string()
is standard part of MySQL function "batch" and should always work if the extension is loaded correctly.
Does any another mysql_ function work? (It should not)
Make sure, that you have this line uncommented in your php.ini:
extension=mysql.so
Also it'd be wise to use mysqli or PDO instead (mysql_ is deprecated), they both can take care of escaping for you.
Related Topics
Using Ajax to Pass Variable to PHP and Retrieve Those Using Ajax Again
How to Get Page Number on Dompdf PDF When Using "View"
Mysqli_Select_Db() Expects Parameter 1 to Be MySQLi, String Given
PHP Regex to Get String Inside Href Tag
Transfer Variables Between PHP Pages
Order by Before Group by Using Eloquent (Laravel)
Saving Images in Database MySQL
PHP Web Scraping of JavaScript Generated Contents
How to Properly Handle Session and Access Token with Facebook PHP Sdk 3.0
Wordpress: Loading Multiple Scripts with Enqueue
Php: Split Multibyte String (Word) into Separate Characters
Php: iPad Does Not Play Mp4 Videos Delivered by PHP, But If Accessed Directly It Does
JavaScript Function Post and Call PHP Script