dlebowski Posted May 24, 2012 Share Posted May 24, 2012 I moved my application to a new server with a new install of PHP. Anyway, some of my "mysql_real_escape_string( $_GET['ID'])" requests work, some do not. Does anyone know why this would be? It works fine on my old server. Thank you. Ryan Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 24, 2012 Share Posted May 24, 2012 The only thing that would affect mysql_real_escape_string, would be if there isn't a connection to the database server at the time you called the function. You would be be getting empty/null values out. You would also be getting php warning messages, because php would attempt to create a database connection when there isn't already one, using default values for the host/user/password, which generally fails. It's more likely your data isn't what you expect. What exact symptoms or errors are you getting that would help pin down the problem? Quote Link to comment Share on other sites More sharing options...
dlebowski Posted May 24, 2012 Author Share Posted May 24, 2012 This is literally all that is on this page: My URL: myurl.com/editlot.php?LotID=100121361 <? print $LotID=mysql_real_escape_string( $_GET['LotID']); ?> It won't output anything to the screen. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 24, 2012 Share Posted May 24, 2012 What does the 'view source' of the page in your browser show? Do you have php's error_reporting set to E_ALL and either display_errors ON (errors would be displyed) or log_errors ON (errors would be written to the error log file)? You do need to make a connection to the database server somehow, before calling mysql_real_escape_string. The condition where a connection would automatically be made, would require that you either have a pre-pended file that creates a connection or that your php.ini has correct default mysql connection details set up in it. Quote Link to comment Share on other sites More sharing options...
dlebowski Posted May 24, 2012 Author Share Posted May 24, 2012 View source displays nothing. What is wierd, is that it works on the other server. I took your advice, and removed the "mysql_real_escape_string" and it works now. So, that is definitely the problem. So, is there a setting in my PHP config that is affecting this on my new server? Thank you for your quick replies. Ryan Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 24, 2012 Share Posted May 24, 2012 It appears that you have values set somewhere for the mysql.default_host, mysql.default_user, mysql.default_password settings on the server where this 'works'. This can either be in the master php.ini, a local php.ini (when php is running as a cgi application), or in a .htaccess file (when php is running as an Apache Module.) Does your code that accesses a database have mysql_connect() and mysql_select_db() statements in it? The reason I ask, is A) you must know if and where you are making a connection to the database server, B) Because, if you are not making an expected connection to the correct database server, you could be using a character set for the mysql_real_escape_string statement that DOES NOT prevent sql injection on your actual database. Quote Link to comment Share on other sites More sharing options...
dlebowski Posted May 24, 2012 Author Share Posted May 24, 2012 This is how I connect: include("dbinfo.inc.php"); mysql_connect($myserver,$uname,$pword); @mysql_select_db($database) or die( "Unable to select database"); Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 24, 2012 Share Posted May 24, 2012 On the page that use the $_GET['LotID'] value, do you have that connection code before the mysql_real_escape_string function is called? Quote Link to comment Share on other sites More sharing options...
dlebowski Posted May 24, 2012 Author Share Posted May 24, 2012 If i do that, it WILL work. I am just concerned because I didn't want to have to modify all these scripts to make sure it works. I was hoping I could figure out what is different on this server as oppose to my old one. Ryan Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 24, 2012 Share Posted May 24, 2012 Someone has already posted how a connection can be made without your code deliberately making one - The condition where a connection would automatically be made, would require that you either have a pre-pended file that creates a connection or that your php.ini has correct default mysql connection details set up in it. It appears that you have values set somewhere for the mysql.default_host, mysql.default_user, mysql.default_password settings on the server where this 'works'. This can either be in the master php.ini, a local php.ini (when php is running as a cgi application), or in a .htaccess file (when php is running as an Apache Module.) Quote Link to comment Share on other sites More sharing options...
dlebowski Posted May 24, 2012 Author Share Posted May 24, 2012 I understand what you posted, I'm looking through the php.ini files and comparing them and there is nothing in the MYSQL section that is different. Anyway, I will see what else I can come up with. Thank you. Ryan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.