MichaelH

Reputation: 1620

mysql_real_escape_string is undefined

I am using PHP version 5.3 and trying to use mysql_real_escape_string($unescaped_string) in my code, but I get the error:

Fatal error: Call to undefined function mysql_real_escape_string() 
in /var/www/engine/database.php on line 38

I can still connect to the database however. Why is it not available?

I am using PHP version 5.3.

Upvotes: 12

Views: 79286

Answers (4)

speksy

Reputation: 810

In my case I used mysqli_real_escape_string instead of mysql_real_escape_string.

Upvotes: 9

Vyktor

Reputation: 20997

Update: as mentioned in a comment, mysql_ has been deprecated since 5.5:

The mysql extension has been deprecated since PHP 5.5. The mysqli or PDO extension should be used instead. The deprecation has been decided in mysql_deprecation, where a discussion of the reasons behind this decision can be found.

and removed in PHP 7.


mysql_real_escape_string() is a standard part of the MySQL function "batch" and should always work if the extension is loaded correctly.

Does any other mysql_ function work? (It should not)

Make sure that you have this line uncommented in your php.ini:

extension=mysql.so

Also it'd be wise to use mysqli or PDO instead (mysql_ is deprecated), they both can take care of escaping for you.

Upvotes: 20

Kristoffer Bohmann

Reputation: 4094

The MySQL extension has been deprecated since PHP 5.5. mysql_real_escape_string() is therefore not available in PHP 7. This means that user input cannot be escaped correctly and leaves the code open to SQL injection attacks.

The PHP-official solution is to replace ext/mysql with MySQLi, PDO or another supported database extension.

To prevent SQL injection attacks, it is recommended to use prepared statements and parameterized queries when talking to the database.

Upvotes: 0
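
The prepared-statement approach recommended in the answers above, as an added example that is not part of any answer in this thread. It assumes PHP 7+ with PDO; an in-memory SQLite database stands in for MySQL so the script runs offline, and the table, rows, inputs and the findUsersByName() helper are constructed for illustration.

```php
<?php
// Added example, not from the thread. SQLite in memory stands in for MySQL so
// the script runs offline; with MySQL only the DSN and credentials change,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
foreach ([["O'Brien", 'ob@example.test'], ['alice', 'alice@example.test']] as $row) {
    $insert->execute([':name' => $row[0], ':email' => $row[1]]);
}

/**
 * Hypothetical helper: look up users by name. The SQL text is fixed; $name is
 * sent separately as a bound parameter, so quotes in it are never parsed as
 * SQL and no manual escaping call is needed.
 */
function findUsersByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary name, a name containing an apostrophe, and
// a string shaped like an injection attempt. Each is compared literally
// against the name column.
$inputs = ['alice', "O'Brien", "x' OR '1'='1"];
foreach ($inputs as $input) {
    $rows = findUsersByName($pdo, $input);
    printf("%-16s -> %d row(s)\n", $input, count($rows));
}
```

Only values can be bound this way; table and column names still have to come from a fixed allow-list in the code.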

JWL

Reputation: 14201

Interestingly, after exploring all the other solutions here, I realized the problem is actually due to the php5-mysql extension not having been installed yet - it's not installed by default on a fresh Ubuntu, nor when you install a fresh PHP. So, for me the solution became: install the php5-mysql extension:

sudo apt-get install php5-mysql

After this, I wasn't getting those nasty mysql_* errors again ;-)

Upvotes: 1
