I am running a web app in codeigniter running on server. Here I've a user registration form, which works fine in localhost. But when it comes to server,when I try to register an user,my page shows the error:
mysql_escape_string() function is deprecated use mysql_real_escape_string() in mysql/mysql_driver
I tried changing my mysql_driver page but after changing everything goes blank. Can anyone help me to solve this error?
This extension was deprecated in PHP 5.5. 0, and it was removed in PHP 7.0.
The real_escape_string() / mysqli_real_escape_string() function escapes special characters in a string for use in an SQL query, taking into account the current character set of the connection.
mysql_real_escape_string ALONE can prevent nothing. Moreover, this function has nothing to do with injections at all. Whenever you need escaping, you need it despite of "security", but just because it is required by SQL syntax. And where you don't need it, escaping won't help you even a bit.
mysql_real_escape_string() and prepared statements need a connection to the database so that they can escape the string using the appropriate character set - otherwise SQL injection attacks are still possible using multi-byte characters.
If you are using PHP 5.4 the function mysql_escape_string() is deprecated.So you need to do some changes in mysql driver file.Go to system\database\drivers\mysql\mysql_driver.php and find the escape_str
function and replace the functions code with this code:
/**
* Escape String
*
* @param string
* @param bool whether or not the string will be used in a LIKE condition
* @return string
*/
public function escape_str($str, $like = FALSE)
{
if (is_array($str))
{
foreach ($str as $key => $val)
{
$str[$key] = $this->escape_str($val, $like);
}
return $str;
}
$str = is_resource($this->conn_id) ? mysql_real_escape_string($str, $this->conn_id) : addslashes($str);
// escape LIKE condition wildcards
if ($like === TRUE)
{
return str_replace(array($this->_like_escape_chr, '%', '_'),
array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
$str);
}
return $str;
}
It may help you...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With