1

Can some one please explain why this simple form doesnt work?

The problem is that when I use mysql_real_escape_string() the result are nothing, when I remove it it works perfectly can you please see whats wrong here?

This is the full simple code,

<?php

// Loop the post fields
$postFields = array('username', 'password', 'checkSubmission');
$postArray = array();
foreach($postFields as $postVal){
    $postArray[$postVal] = mysql_real_escape_string($_POST[$postVal]);
}
print_r($postArray);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Signin</title>
<head>
</head>
<body><? echo $error;?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post" id="signinForm">
    Username: <input type="text" name="username" value="" />
    Password: <input type="password" name="password" value="" />
    <input type="hidden" name="checkSubmission" value="1" />
    <input type="submit" name="Submit" value="Signin" />
</form>
</body>
</html>

EDIT:

The print_r() is empty when I use mysql_real_escape_string()

Array ( [username] => [password] => [checkSubmission] => )

And this is the print_r() without mysql_real_escape_string()

Array ( [username] => thre[password] => werr[checkSubmission] => 1)

Thank you for you help

Improve this question
5
  • 2
    Can you put the return of "print_r($postArray);" ? Commented Jul 16, 2012 at 13:58
  • I updated the question, please take a look Commented Jul 16, 2012 at 14:03
  • 3
    Are you connected to your database? mysql_real_escape_string only works if you are connected to the database first. Commented Jul 16, 2012 at 14:04
  • 2
    Ok, I got it, can't use mysql_real_esape_string with PDO, Commented Jul 16, 2012 at 14:09
  • 1
    mysql_real_escape_string cannot use connection of PDO. If you are using PDO, than use PDO::quote instead Commented Jul 16, 2012 at 14:11

1 Answer 1

Reset to default
7

mysql_real_escape_string() requires an active database connection.

From the php manual:

A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.

http://php.net/manual/en/function.mysql-real-escape-string.php

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I'm using PDO, but this is the answer of my question :)

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.