Mysql_Real_Escape_String Is Undefined

mysql_real_escape_string is undefined

Update as mentioned in comment, mysql_ has been deprecated since 5.5:

The mysql extension has been deprecated since PHP 5.5. The mysqli or PDO extension should be used instead. The deprecation has been decided in mysql_deprecation, where a discussion of the reasons behind this decision can be found.

and removed in PHP 7.

---

mysql_real_escape_string() is standard part of MySQL function "batch" and should always work if the extension is loaded correctly.

Does any another mysql_ function work? (It should not)

Make sure, that you have this line uncommented in your php.ini:

extension=mysql.so

Also it'd be wise to use mysqli or PDO instead (mysql_ is deprecated), they both can take care of escaping for you.

Call to undefined function mysql_real_escape_string()

Try using:

$link = mysqli_connect("127.0.0.1", "my_user", "my_password", "my_db");
$value = trim($_POST['image']);
$value = mysqli_real_escape_string($link, $value);
mysqli_close();

Since new php version mysqli is used instead of mysql.
Notice the letter "i".
Where $link stands for the mysqli_connect.

Uncaught Error: Call to undefined function mysql_escape_string()

To help you out here... (too long for a comment)

Your require("config.php"); should contain the following:

Sidenote: Use the proper settings for your host.

$link = mysqli_connect("localhost", "username", "mpassword", "database") or die($link);

Then changing your escape functions to use the mysqli_ version of it and passing the connection parameter to it:

$name = mysqli_real_escape_string($link, $_POST['name']);
$lname = mysqli_real_escape_string($link, $_POST['lname']);
$uname = mysqli_real_escape_string($link, $_POST['uname']);
$email1 = mysqli_real_escape_string($link, $email1);
$email2 = mysqli_real_escape_string($link, $email2);
$pass1 = mysqli_real_escape_string($link, $pass1);
$pass2 = mysqli_real_escape_string($link, $pass2);

Again, same thing for the query. Using the i version and passing connection to it as the first parameter.

mysqli_query($link, "INSERT INTO ...

Check for errors on your query using mysqli_error($link);

So you could modify the query to read as

$query = mysqli_query($link, "INSERT INTO ...

and doing

if(!$query){
   echo "Error: " . mysqli_error($link);
   }

Also read the following on Stack in regards to API mixing:

• Can I mix MySQL APIs in PHP?
• You can't. mysql_ with mysqli_ or PDO etc. do NOT intermix together. You must use the same one from connecting to querying.

---

Footnotes.

Passwords

I also noticed that you may be storing passwords in plain text. This is not recommended. If you intend on going LIVE with this at some point, do NOT store passwords as plain text in your database.

Consult the following.

• CRYPT_BLOWFISH
• crypt()
• bcrypt()
• scrypt()
• On OPENWALL
• PBKDF2
• PBKDF2 on PHP.net
• PHP 5.5's password_hash() function.
• Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/

Other links:

• PBKDF2 For PHP

Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in

The mysql_ API is obsolete and has been removed from PHP (in favour of PDO and mysqli_).

You are using PDO though, so you should use the PDO method to defend against SQL Injection, which you already are:

$stmt->bindParam(':email', $email, PDO::PARAM_STR); is sufficient to defend against SQL injection.

Fatal Error: Uncaught error Call to undefined function mysql_real_escape_string() HTML/PHPMYADMIN

I recommend to use mysqli (replace mysql with mysqli in your code) and to connect to your database with a variable.

Like this:

$db = mysqli_connect("localhost", "username", "", "database");

Then you have to put $db in your mysqli_query as a parameter.

Here is an example:

$result = mysqli_query($db, "select * from login where username='$username' and password='$password'");

Error with mysql_real_escape_string()

mysql_ has been deprecated since 5.5:

The mysql extension has been deprecated since PHP 5.5. The mysqli or PDO extension should be used instead. The deprecation has been decided in mysql_deprecation, where a discussion of the reasons behind this decision can be found.

and removed in PHP 7.

mysql_real_escape_string() is standard part of MySQL function "batch" and should always work if the extension is loaded correctly.

Does any another mysql_ function work? (It should not)

Make sure, that you have this line uncommented in your php.ini:

extension=mysql.so

Also it'd be wise to use mysqli or PDO instead (mysql_ is deprecated), they both can take care of escaping for you.

---

Related Topics