So my host runs an older version of php in which the mysql_real_escape_string function is not included. Does anyone know where I could get the function implementation or some other function that does the same thing so I could include that on my php pages? I'm still a little confused on exactly everything the function does, so I'm a little afraid of trying to write my own.
[RESOLVED] alternative to mysql_real_escape_string?
[man]mysql_escape_string[/man] or if there's really something amiss then [man]addslashes[/man]
and I feel stupid for looking over that so many times. Thanks
8 years later
$search = array("\", "\x00", "\n", "\r", "'", '"', "\x1a");
$replace = array("\\","\0","\n", "\r", "\'", '\"', "\Z");
return str_replace($search, $replace, $query_input);
this is a little better than addslashes() function.
Holy thread necromancy, Batman!
Towhid;11038787 wrote:this is a little better than addslashes() function.
... but still not as safe as using a DBMS-specific escaping function or using prepared statements. (And by now, there's really no excuse why you aren't using the former.)