1

Can some one please explain why this simple form doesnt work?

The problem is that when I use mysql_real_escape_string() the result are nothing, when I remove it it works perfectly can you please see whats wrong here?

This is the full simple code,

<?php

// Loop the post fields
$postFields = array('username', 'password', 'checkSubmission');
$postArray = array();
foreach($postFields as $postVal){
    $postArray[$postVal] = mysql_real_escape_string($_POST[$postVal]);
}
print_r($postArray);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Signin</title>
<head>
</head>
<body><? echo $error;?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post" id="signinForm">
    Username: <input type="text" name="username" value="" />
    Password: <input type="password" name="password" value="" />
    <input type="hidden" name="checkSubmission" value="1" />
    <input type="submit" name="Submit" value="Signin" />
</form>
</body>
</html>

EDIT:

The print_r() is empty when I use mysql_real_escape_string()

Array ( [username] => [password] => [checkSubmission] => )

And this is the print_r() without mysql_real_escape_string()

Array ( [username] => thre[password] => werr[checkSubmission] => 1)

Thank you for you help

Improve this question
5
  • 2
    Can you put the return of "print_r($postArray);" ? Commented Jul 16, 2012 at 13:58
  • I updated the question, please take a look Commented Jul 16, 2012 at 14:03
  • 3
    Are you connected to your database? mysql_real_escape_string only works if you are connected to the database first. Commented Jul 16, 2012 at 14:04
  • 2
    Ok, I got it, can't use mysql_real_esape_string with PDO, Commented Jul 16, 2012 at 14:09
  • 1
    mysql_real_escape_string cannot use connection of PDO. If you are using PDO, than use PDO::quote instead Commented Jul 16, 2012 at 14:11

1 Answer 1

Reset to default
7

mysql_real_escape_string() requires an active database connection.

From the php manual:

A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.

http://php.net/manual/en/function.mysql-real-escape-string.php

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I'm using PDO, but this is the answer of my question :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.