mysql_escape_string error message? / Forums / Community / EllisLab

Forum Logo

mysql_escape_string error message?

Posted: 19 October 2012 04:06 PM

[ Ignore ]

Joined: 2012-10-19
5 posts

I took over a project that is on CI 1.7.2 and have been attempting to update a bunch of rows but get the following error.

A PHP Error was encountered
Severity: 8192

Message: mysql_escape_string(): This function is deprecated; use mysql_real_escape_string() instead.

Filename: mysqli/mysqli_driver.php
Line Number: 304 

The CI code I have is below with the $data variable being an associative array of FieldName => Value. I’ve read other posts that I should change the dbdriver to mysqli which I tried and still get the same error.

What can I to allow the update to work with escaping? I’m new to CI and was wondering if a newer version would solve this issue how easy is it to update to the newest version?

foreach ($alldata as $data)
{
    $this->db->where('pricing_id',$priceID);
    $this->db->update('pricing',$data);
}
// I had to comment out this line as it was causing another issue. I'll be monitoring the DB connections to make sure this doesn't cause zombies.
//$this->db->close(); 

skunkbad

Posted: 19 October 2012 04:37 PM

[ Ignore ] [ # 1 ] [ Rating: 0 ]

Joined: 2009-05-17
1415 posts

Switch to mysqli or pdo mysql. See:

http://php.net/manual/en/function.mysql-escape-string.php

Signature

Brian
Brian’s Web Design - Temecula
Community Auth - CodeIgniter Authentication Application

LF4

Posted: 19 October 2012 04:51 PM

[ Ignore ] [ # 2 ] [ Rating: 0 ]

Joined: 2012-10-19
5 posts

I’m not manually using the escape string php funtion it’s located in the mysql/mysqli.php files. I did attempt to change the dbdriver to mysqli in the database.php file.


$db['default']['dbdriver'] = "mysqli";

The error in my first post shows I was using mysqli.


Filename: mysqli/mysqli_driver.php

Are there other part of the CI configuration that I need to set?

skunkbad

Posted: 19 October 2012 05:31 PM

[ Ignore ] [ # 3 ] [ Rating: 0 ]

Joined: 2009-05-17
1415 posts

Perhaps your php isn’t compiled with mysqli or have the mysqli extension? In 2.1.3 mysqli_real_escape_string is used unless it is unavailable. If that’s the case in 1.7.3, then you’ll need to make it available.

Signature

Brian
Brian’s Web Design - Temecula
Community Auth - CodeIgniter Authentication Application

LF4

Posted: 19 October 2012 06:13 PM

[ Ignore ] [ # 4 ] [ Rating: 0 ]

Joined: 2012-10-19
5 posts

I just checked phpinfo and it shows mysqli is installed and enabled, is there an issue with my CI code on how I’m calling the update?

skunkbad

Posted: 19 October 2012 06:25 PM

[ Ignore ] [ # 5 ] [ Rating: 0 ]

Joined: 2009-05-17
1415 posts

LF4 - 19 October 2012 06:13 PM
I just checked phpinfo and it shows mysqli is installed and enabled, is there an issue with my CI code on how I’m calling the update?

I’ve never used close(), but your code otherwise looks normal.

Signature

Brian
Brian’s Web Design - Temecula
Community Auth - CodeIgniter Authentication Application

LF4

Posted: 19 October 2012 06:51 PM

[ Ignore ] [ # 6 ] [ Rating: 0 ]

Joined: 2012-10-19
5 posts

I noticed that the database connections weren’t being closed out all the time and would leave zombie processes so I included the close() statement to make sure.

That’s really odd this isn’t working since I have another form that updates the database which does work (code is the same I copied it from there).

I’ll probably just manual make the connection and call.

Edit: So I updated the site to 2.1.3 and had to move the close as I noticed I put it inside the foreach loop when it should have been outside it.

Enalds

Posted: 22 October 2012 09:11 PM

[ Ignore ] [ # 7 ] [ Rating: 0 ]

Joined: 2011-05-03
4 posts

Are you using PHP 5.4?

If you are using PHP 5.4 the function mysql_escape_string() is deprecated.

LF4

Posted: 22 October 2012 10:49 PM

[ Ignore ] [ # 8 ] [ Rating: 0 ]

Joined: 2012-10-19
5 posts

Yes my dev system is 5.4 and read that it was deprecated the issue was CI not selecting the mysql_real_escape_string at least with 1.7.2 once I updated to 2.1.3 my code worked fine.

hasokeric

Posted: 27 October 2012 08:10 AM

[ Ignore ] [ # 9 ] [ Rating: 0 ]

Joined: 2009-03-12
13 posts

Enalds - 22 October 2012 09:11 PM
Are you using PHP 5.4?

If you are using PHP 5.4 the function mysql_escape_string() is deprecated.

Narf has stated in github that it will be fixed in CodeIgniter 3.0 the fix already exists in that repository. For now you can fix it manually.

For mySQL

go to system\database\drivers\mysql\mysql_driver.php and find the escape_str function and replace the functions code with this new code:

/**
  * Escape String
  *
  * @param string
  * @param bool whether or not the string will be used in a LIKE condition
  * @return string
  */
 public function escape_str($str, $like = FALSE)
 {
  if (is_array($str))
  {
   foreach ($str as $key => $val)
      {
    $str[$key] = $this->escape_str($val, $like);
      }

      return $str;
     }

  $str = is_resource($this->conn_id) ? mysql_real_escape_string($str, $this->conn_id) : addslashes($str);

  // escape LIKE condition wildcards
  if ($like === TRUE)
  {
   return str_replace(array($this->_like_escape_chr, '%', '_'),
      array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
      $str);
  }

  return $str;
 }

 // -------------------------------------------------------------------- 

For mySQLi
and in your case you want to go to mysqli_driver.php and modify the escape_str() function.

/**
* Escape String
*
* @param string
* @param bool whether or not the string will be used in a LIKE condition
* @return string
*/
public function escape_str($str, $like = FALSE)
{
if (is_array($str))
{
foreach ($str as $key => $val)
{
$str[$key] = $this->escape_str($val, $like);
}

return $str;
}

$str = is_object($this->conn_id) ? $this->conn_id->real_escape_string($str) : addslashes($str);

// escape LIKE condition wildcards
if ($like === TRUE)
{
return str_replace(array($this->_like_escape_chr, '%', '_'),
array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
$str);
}

return $str;
}

// -------------------------------------------------------------------- 