Jump to content

Passing NULL using mysql_real_escape_string?

jugdish114

By jugdish114
in MySQL Help

 Share
Go to solution Solved by jugdish114,

Recommended Posts

jugdish114 Newbie

jugdish114

Posted
Posted

I'm trying to pass a NULL to a stored procedure in a PHP script to MySQL, and I am scrubbing the variables using mysql_real_escape_string, but the NULLs that are passed are giving me problems.  My script should look like this:

 

call spMyStoredProc(1,2,NULL,'username');

 

but unfortunately I get:

 

call spMyStoredProc(1,2,,'username');

 

I am wondering if I want to move away from using mysql_real_escape_string, and possibly write my own function?

 

Anybody have any ideas?

 

thanks,

 

Frank C

DavidAM Member

DavidAM

Posted
Posted

You have to handle NULL's in a special way. The proper SQL syntax would be:

call spMyStoredProc(1,2,NULL,'username')
to produce that from PHP, you have to test the parameter:

 

$param3 = null;

if ($param3 === null) { // That's a PHP null
  $sql = "call spMyStoredProc(1,2,NULL,'username')";
} else {
  $sql = "call spMyStoredProc(1,2,'" . mysql_real_escape_string($param3) . "','username')";
}
I have a function for escaping that handles this:

function quoteStringNull($pmValue, $psDelimiter = "'") {
  if ($pmValue === null) return 'NULL';
  return $psDelimiter . mysql_real_escaspe_string($pmValue) . $psDelimiter;
}

$param3 = null;
$sql = sprintf('call spMyStoredProc(1,2,%s,"username")', quoteStringNull($param3));
// call spMyStoredProc(1,2,NULL,"username")

$param3 = 'Master';
$sql = sprintf('call spMyStoredProc(1,2,%s,"username")', quoteStringNull($param3));
// call spMyStoredProc(1,2,'Master',"username")
(That's off the top of my head, I don't have access to my library right now).

 

The function returns the string NULL which is sent to mySql properly; or it returns the delimited string value (including the quotes). So the function results can be dropped straight into the sql string.

jugdish114 Newbie

jugdish114

Posted
  • Author
Posted

Thanks DavidAM.  That was the same basic approach I was working on last night; I think the reason why my code wasn't working the way I wanted was that i was saying "if $string == NULL" where your code uses the lowercase null instead.  (Still not sure what the difference is, I need to do some reading)  I will work this new code in tonight, thanks again for the help.

 

fc

  • Solution
jugdish114 Newbie

jugdish114

Posted
  • Author
  • Solution
Posted

This works for my needs:

 

       function null_intval($int_string) {
       
           if ($int_string == "") return 'NULL';
           if ($int_string == null) return 'NULL';
           return mysql_real_escape_string($int_string);
 
       }
 
Thanks again,
 
fc
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.