So my host runs an older version of php in which the mysql_real_escape_string function is not included. Does anyone know where I could get the function implementation or some other function that does the same thing so I could include that on my php pages? I'm still a little confused on exactly everything the function does, so I'm a little afraid of trying to write my own.

    [man]mysql_escape_string[/man] or if there's really something amiss then [man]addslashes[/man]

      and I feel stupid for looking over that so many times. Thanks

        8 years later

        $search = array("\", "\x00", "\n", "\r", "'", '"', "\x1a");
        $replace = array("\\","\0","\n", "\r", "\'", '\"', "\Z");
        return str_replace($search, $replace, $query_input);

        this is a little better than addslashes() function.

          Holy thread necromancy, Batman!

          Towhid;11038787 wrote:

          this is a little better than addslashes() function.

          ... but still not as safe as using a DBMS-specific escaping function or using prepared statements. (And by now, there's really no excuse why you aren't using the former.)

            Write a Reply...