+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: mysqli_real_escape_string() (/showthread.php?tid=5832)
Pages:
1
2
mysqli_real_escape_string() - El Forum - 02-05-2008
[eluser]Tyrael[/eluser]
codeigniter This function is deprecated; use mysql_real_escape_string() instead.
I'm using the latest CI and mysql with mysqli library.
the escape_str in the mysqli driver:
function escape_str($str)
{
if (function_exists('mysqli_real_escape_string') AND is_resource($this->conn_id))
{
return mysqli_real_escape_string($this->conn_id, $str);
}
elseif (function_exists('mysql_escape_string'))
{
return mysql_escape_string($str);
}
else
{
return addslashes($str);
}
}
So the CI must specify the connection id in the mysqli driver class, or else it will not use the mysqli_real_escape_string function, and this will generate a Warning.
Tyrael
mysqli_real_escape_string() - El Forum - 02-05-2008
[eluser]Seppo[/eluser]
I don't understand what you say. Can you explain? When will a warning come up?
mysqli_real_escape_string() - El Forum - 02-05-2008
[eluser]Tyrael[/eluser]
set your default db connection dbdriver setting to:
$db['default']['dbdriver'] = "mysqli";
then run a query with some params what needs to be escaped.
Tyrael
mysqli_real_escape_string() - El Forum - 02-05-2008
[eluser]Seppo[/eluser]
Using mysqli driver
$this->db->query('SELECT * FROM test WHERE "1" = ?', array('1'));
produces
SELECT * FROM test WHERE "1" = '1'
as expected... can you copy the warning you are getting?
mysqli_real_escape_string() - El Forum - 02-05-2008
[eluser]Tyrael[/eluser]
$this->db->query('SELECT CONCAT(?, ?)', array('?_(GQOoV', '?_(GQOoV'));
A PHP Error was encountered
Severity: Warning
Message: mysql_escape_string() [function.mysql-real-escape-string]: This function is deprecated; use mysql_real_escape_string() instead.
Filename: mysqli/mysqli_driver.php
Line Number: 258
A PHP Error was encountered
Severity: Warning
Message: mysql_escape_string() [function.mysql-real-escape-string]: This function is deprecated; use mysql_real_escape_string() instead.
Filename: mysqli/mysqli_driver.php
Line Number: 258
my database.php:
$active_group = "default";
$active_record = TRUE;
$db['default']['hostname'] = "localhost";
$db['default']['username'] = "asd";
$db['default']['password'] = "bsd";
$db['default']['database'] = "asd";
$db['default']['dbdriver'] = "mysqli";
$db['default']['dbprefix'] = "";
$db['default']['pconnect'] = TRUE;
$db['default']['db_debug'] = TRUE;
$db['default']['cache_on'] = FALSE;
$db['default']['cachedir'] = "";
$db['default']['char_set'] = "utf8";
$db['default']['dbcollat'] = "utf8_hungarian_ci";
Tyrael
mysqli_real_escape_string() - El Forum - 02-05-2008
[eluser]Seppo[/eluser]
I actually have mysqli_real_escape_string function, so I wan't getting there... but also I'm not getting the warning... Even with
Code:
<?php
error_reporting(E_ALL | E_STRICT);
echo mysql_escape_string("Hello");
?>Can I know your PHP version?
mysqli_real_escape_string() - El Forum - 02-05-2008
[eluser]Tyrael[/eluser]
the $this->conn_id is set, but its a mysqli_object, not a resource, so the
if (function_exists('mysqli_real_escape_string') AND is_resource($this->conn_id))
condition will never be true.
I replaced it with
if (function_exists('mysqli_real_escape_string') AND !empty($this->conn_id))
Tyrael
mysqli_real_escape_string() - El Forum - 02-05-2008
[eluser]Seppo[/eluser]
You are SO right...
Please report it in bug tracker
mysqli_real_escape_string() - El Forum - 02-05-2008
[eluser]Tyrael[/eluser]
done
Tyrael
mysqli_real_escape_string() - El Forum - 10-03-2009
[eluser]Daniel MC[/eluser]
I have a problem with this function mysql_real_escape_string() in mysql driver, I hope you can help me with this.
The code is this:
Code:
/**
* Escape String
*
* @access public
* @param string
* @return string
*/
function escape_str($str, $like = FALSE)
{
if (is_array($str))
{
foreach($str as $key => $val)
{
$str[$key] = $this->escape_str($val, $like);
}
return $str;
}
if (function_exists('mysql_real_escape_string') AND is_resource($this->conn_id))
{
$str = mysql_real_escape_string($str, $this->conn_id);
}
elseif (function_exists('mysql_escape_string'))
{
$str = mysql_escape_string($str);
}
else
{
$str = addslashes($str);
}
// escape LIKE condition wildcards
if ($like === TRUE)
{
$str = str_replace(array('%', '_'), array('\\%', '\\_'), $str);
}
return $str;
}