Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

mysql_escape_string() function is deprecated use mysql_real_escape_string() Codeigniter

I am running a web app in codeigniter running on server. Here I've a user registration form, which works fine in localhost. But when it comes to server,when I try to register an user,my page shows the error:

mysql_escape_string() function is deprecated use mysql_real_escape_string() in mysql/mysql_driver

I tried changing my mysql_driver page but after changing everything goes blank. Can anyone help me to solve this error?

like image 475
Aishwaryas Avatar asked Jan 10 '15 05:01

Aishwaryas


People also ask

Is Mysql_real_escape_string deprecated?

This extension was deprecated in PHP 5.5. 0, and it was removed in PHP 7.0.

What is the use of Mysql_real_escape_string () function?

The real_escape_string() / mysqli_real_escape_string() function escapes special characters in a string for use in an SQL query, taking into account the current character set of the connection.

Does Mysql_real_escape_string prevent SQL injection?

mysql_real_escape_string ALONE can prevent nothing. Moreover, this function has nothing to do with injections at all. Whenever you need escaping, you need it despite of "security", but just because it is required by SQL syntax. And where you don't need it, escaping won't help you even a bit.

Why does Mysql_real_escape_string need a connection?

mysql_real_escape_string() and prepared statements need a connection to the database so that they can escape the string using the appropriate character set - otherwise SQL injection attacks are still possible using multi-byte characters.


1 Answers

If you are using PHP 5.4 the function mysql_escape_string() is deprecated.So you need to do some changes in mysql driver file.Go to system\database\drivers\mysql\mysql_driver.php and find the escape_str function and replace the functions code with this code:

/**
  * Escape String
  *
  * @param string
  * @param bool whether or not the string will be used in a LIKE condition
  * @return string
  */
 public function escape_str($str, $like = FALSE)
 {
  if (is_array($str))
  {
   foreach ($str as $key => $val)
      {
    $str[$key] = $this->escape_str($val, $like);
      }

      return $str;
     }

  $str = is_resource($this->conn_id) ? mysql_real_escape_string($str, $this->conn_id) : addslashes($str);

  // escape LIKE condition wildcards
  if ($like === TRUE)
  {
   return str_replace(array($this->_like_escape_chr, '%', '_'),
      array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
      $str);
  }

  return $str;
 }

It may help you...

like image 157
Sinsil Mathew Avatar answered Nov 15 '22 00:11

Sinsil Mathew