Mysql_real_escape_string vs. mysql_escape_string

jjfletch

Help!

So, apparently, I can't use mysql_real_escape_string because my hosting service only has PHP v. 4.2.2 installed (even though their documentation claims to have 4.3.3...)

I have the following function in one of my scripts:

function escape_data ($data) {
global $dbc;
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string (trim ($data), $dbc);

How do I rewrite it to use just the mysql_escape_string?

If I do:

function escape_data ($data) {
global $dbc;
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_escape_string (trim ($data), $dbc);

It won't work because I've got an extra variable in there.

If I do:

function escape_data ($data) {
global $dbc;
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string (trim ($data));

It just fails.

If I take it out completely, then this part of another script:

if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($POST['first_name'])))) {
$fn = escape_data($POST['first_name']);
} else {
$fn = FALSE;
echo '<P><font color="red" size="+1">Please enter your first name </font></p>';
}

Won't work because there's no defined function for escape_data.

Any ideas or suggestions?

Thanks.

designguy79

Your second attempt was the closest.

mysql_escape_string does not need the database connection resource link, so use this:

function escape_data ($data) {
  if (ini_get('magic_quotes_gpc')) {
    $data = stripslashes($data);
  }
  return mysql_escape_string (trim ($data));
}

HTH