I'm escaping all the string parameters I receive from a php form like this:
$usr_name = mysql_real_escape_string($_REQUEST['usr_name']);
to avoid a few problems with SQL Injection. But when I my string back from the function, I end up with nothing.
Also I keep getting this weird warning in my PHP log:
PHP Warning: mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in /hermes/bosweb/web279/b2798/ipw.bankingforms/public_html/formAckResponse_controller.php on line 39
The host uses: PHP Version 4.4.7
From PHP.net:
Note: A MySQL connection is required before using
mysql_real_escape_string()
otherwise an error of levelE_WARNING
is generated, andFALSE
is returned. Iflink_identifier
isn't defined, the last MySQL connection is used.
In other words, you will have needed to connect to the MySQL database through mysql_connect()
or mysql_pconnect()
before you can use this function.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With