Step 56 – mysql_escape_string

I don’t refer to the PHP manual very much for commonly used functions, so I almost missed this one. The ‘mysql_escape_string’ function that’s used in subs.php to prepare data for insertion into the database is deprecated as of PHP 5.3 and should be replaced with ‘mysql_real_escape_string’.

From the PHP manual:

This function [mysql_escape_string()] is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.

The new function – mysql_real_escape_string – has been available since PHP 4.3 and, quite frankly, you really shouldn’t be running on anything older than that! So, at the next release of the RTE, I’ll be changing the database functions in subs.php to reflect this change.

On a final note, it’s still my intention to convert the code to run on a database abstraction layer, but I just haven’t had the time to do that yet!

This entry was posted in Run Time Environment. Bookmark the permalink.

3 Responses to Step 56 – mysql_escape_string

  1. Allan says:

    The End?
    It’s a article of great worth!

  2. Steve Addison says:

    Just about to start up again – a new post should be out later today.

  3. Mc Allan says:

    Hi steven,

    The whole article is great worth! and it’s been almost 6 years now!
    Do you still have plan to update ?

Leave a Reply

Your email address will not be published. Required fields are marked *