$mysqli->real_escape_string() not working

  • dragon52
    New Member
    • Jun 2009
    • 72

    Hi there,

    Can anyone tell me why the escape_string routines work on my PC but not on the server?

    I am using the object version of mysqli.

    PC PHP version = 5.2.9-2
    Server PHP version = 5.3.2-1

    Code:
    if ($mysqli->set_charset("utf8")) {
    }
    
    $okName = $mysqli->real_escape_string($_POST['Name']);
    $okName = htmlspecialchars(okName);
    test string = (Toby is a good <>'"-/)

    output on my pc = (Toby is a good &lt;&gt;\'\&quot;-/)
    output on server = (Toby is a good <>'"-/), ie unchanged

    Thanks
  • Luuk
    Recognized Expert Top Contributor
    • Mar 2012
    • 1043

    #2
    Change line 5 to:
    Code:
    $okName = htmlspecialchars($okName);

    • dragon52
      New Member
      • Jun 2009
      • 72

      #3
      Thanks for your reply Luuk.

      I did have $okName in my program. That was a typing error in my question. Sorry.

      Any other ideas? What can be the difference between the systems on my PC and the server?

      • Luuk
        Recognized Expert Top Contributor
        • Mar 2012
        • 1043

        #4
        How are you viewing the output of your server?
        If you do this in a browser, did you do a 'view source'?

        • dragon52
          New Member
          • Jun 2009
          • 72

          #5
          Thanks for your reply Luuk.

          This is part of the code for a registration form. I save the user info to a mysql database. I am trying to validate the user input to eliminate potential problems such as chars "/<>'"\".

          I test the code on my PC before migrating it to the server. So the code is the same in both environments.

          I looked at the db records created and noticed the functions have no effect on the server. I use the app "mySQL Query Browser" to look at the records on my pc and a browser to display server records. No, I haven't used "view source" to do that. Server is down right now. Output:

          db record on my pc = (Toby is a good &lt;&gt;\'\&quot;-/)
          db record on server = (Toby is a good <>'"-/), ie unchanged

          Thanks for your help. Ideas? Here is a bit more of my code.

          Code:
              $okName = $mysqli->real_escape_string($_POST['Name']);
              $okName = htmlentities($okName);
          
              $sql = "INSERT INTO OnlineTbl (UserName,..) VALUES ('$okName',..)";
          
              if (!$mysqli->query($sql)) {
                  die("Error: ".$mysqli->error);
              }

          • Luuk
            Recognized Expert Top Contributor
            • Mar 2012
            • 1043

            #6
            If you see a '<' in your browser,
            then the source might look like '&lt;'

            • dragon52
              New Member
              • Jun 2009
              • 72

              #7
              Yes, you are right.

              I didn’t realise the browser would convert chars back automatically.

              Thank you very much Luuk. Problem solved.

              • mHealth
                New Member
                • Jun 2014
                • 13

                #8
                Your server may have a different configuration/version of mysql.
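
Added example (not part of any post in this thread, and not the posters' code): the thread's test string run through HTML encoding, showing why the browser view looks unchanged while the page source holds entities, together with a prepared-statement insert that stores the raw value so encoding happens once, at output. It assumes PHP 7 or later with mysqli; `saveName`, `forHtml` and `asRendered` are hypothetical helper names, while `OnlineTbl` and `UserName` come from post #5.

```php
<?php
// Added example; helper names are hypothetical, table/column names are from post #5.

// Store the raw value. A bound parameter needs no real_escape_string().
function saveName(mysqli $mysqli, string $name): void
{
    $stmt = $mysqli->prepare("INSERT INTO OnlineTbl (UserName) VALUES (?)");
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . $mysqli->error);
    }
    $stmt->bind_param("s", $name);
    if (!$stmt->execute()) {
        throw new RuntimeException("insert failed: " . $stmt->error);
    }
    $stmt->close();
}

// Encode only at the point where the value is written into an HTML page.
function forHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// What a browser window shows for a given page source: entities are decoded.
function asRendered(string $source): string
{
    return html_entity_decode($source, ENT_QUOTES, 'UTF-8');
}

// Offline demonstration with the test string from the thread (no database needed).
$raw = "Toby is a good <>'\"-/";

$source = forHtml($raw);
echo "page source : " . $source . "\n";             // what 'view source' shows
echo "browser view: " . asRendered($source) . "\n"; // what the window shows

// The thread's approach stores already-encoded text. A page that also encodes
// on output encodes it a second time, so the reader sees literal entities.
$storedEncoded = htmlentities($raw, ENT_QUOTES, 'UTF-8');
echo "double-encoded view: " . asRendered(forHtml($storedEncoded)) . "\n";
```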
