How do i solve this error? Deprecated: mysql_escape_string(): This function is deprecated; use mysql_real_escape_string() instead

php mysql sql string escaping

39,864

Solution 1

the error message clearly said it .

change this

 else return mysql_escape_string($source); // you are using mysql here

 else return mysqli_real_escape_string($source); //will be mysqli

OBS: you should switch to PDO or MYSQLI as MYSQL mysql_real_escape_string will also be deprecated :)

you are mixing Between mysqli and mysql .

EDIT: from your second error.

  mysqli_real_escape_string ($link ,$source )  // $link is your connection variable

ref

Solution 2

you need to connect mysql to the database before you use mysql_real_escape_string, this function doesn't work without mysql being connected to database.

39,864

Author by

FlikFlak

Updated on May 19, 2020

Comments

FlikFlak almost 4 years
I get stuck on the following:

Deprecated: mysql_escape_string(): This function is deprecated; use mysql_real_escape_string() instead. in /home/xtremeso/public_html/mp3/includes/class/_class_mysql.php on line 116
```
        function safesql( $source )
        {
            if ($this->db_id) return mysqli_real_escape_string ($this->db_id, $source);
            else return mysql_escape_string($source);
        }
```
I already tried to mysql_escape_real_string but that doesnt solve the issue. And ignoring php error messages via .htacces file doesnt work either
- Tamim Al Manaseer almost 10 years
  
  Did you fix it in the "else" as well?
- Funk Forty Niner almost 10 years
  
  I guess it's to switch over then. Make sure all instances of mysql_ in all your code including DB connection have been changed to mysqli_
FlikFlak almost 10 years

Indeed, i get again a error message when changed. now i got this error: Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in: etc.. on line 116. How do i switch to PDO?
echo_Me almost 10 years

check my edited answer.
Funk Forty Niner almost 10 years

OP should show full code including DB connection. You'll be editing this unless your fingers cramp up. The "answer" lies in my comment
echo_Me almost 10 years

hahaha you right :) , i was going to delete my answer as i got sucked :)
Funk Forty Niner almost 10 years

You know me by now. I never put in an answer when I don't see the whole picture ;-)
echo_Me almost 10 years

@Fred-ii- yes better , to dont edit 1000 edits :) .
Funk Forty Niner almost 10 years

Exactly. 1, 2, 3 edits at the most. Anything beyond that, I usually end up deleting.
Mave almost 10 years

No, that's mysqli_, not mysql.
echo_Me almost 10 years

I will just see what he will say after this last edit , from his error.
FlikFlak almost 10 years

When i changed to ur edited post: now i got this error: Warning: mysqli_real_escape_string() expects exactly 1 parameters, to be mysqli null given in: etc.. on line 116
FlikFlak almost 10 years

well, i just used this now.. <?php // Turn off all error reporting error_reporting(0); ?>