Jump to content

Passing NULL using mysql_real_escape_string?

Go to solution Solved by jugdish114,

Recommended Posts

I'm trying to pass a NULL to a stored procedure in a PHP script to MySQL, and I am scrubbing the variables using mysql_real_escape_string, but the NULLs that are passed are giving me problems.  My script should look like this:


call spMyStoredProc(1,2,NULL,'username');


but unfortunately I get:


call spMyStoredProc(1,2,,'username');


I am wondering if I want to move away from using mysql_real_escape_string, and possibly write my own function?


Anybody have any ideas?




Frank C

Link to comment
Share on other sites

You have to handle NULL's in a special way. The proper SQL syntax would be:

call spMyStoredProc(1,2,NULL,'username')
to produce that from PHP, you have to test the parameter:


$param3 = null;

if ($param3 === null) { // That's a PHP null
  $sql = "call spMyStoredProc(1,2,NULL,'username')";
} else {
  $sql = "call spMyStoredProc(1,2,'" . mysql_real_escape_string($param3) . "','username')";
I have a function for escaping that handles this:

function quoteStringNull($pmValue, $psDelimiter = "'") {
  if ($pmValue === null) return 'NULL';
  return $psDelimiter . mysql_real_escaspe_string($pmValue) . $psDelimiter;

$param3 = null;
$sql = sprintf('call spMyStoredProc(1,2,%s,"username")', quoteStringNull($param3));
// call spMyStoredProc(1,2,NULL,"username")

$param3 = 'Master';
$sql = sprintf('call spMyStoredProc(1,2,%s,"username")', quoteStringNull($param3));
// call spMyStoredProc(1,2,'Master',"username")
(That's off the top of my head, I don't have access to my library right now).


The function returns the string NULL which is sent to mySql properly; or it returns the delimited string value (including the quotes). So the function results can be dropped straight into the sql string.

Link to comment
Share on other sites

Thanks DavidAM.  That was the same basic approach I was working on last night; I think the reason why my code wasn't working the way I wanted was that i was saying "if $string == NULL" where your code uses the lowercase null instead.  (Still not sure what the difference is, I need to do some reading)  I will work this new code in tonight, thanks again for the help.



Link to comment
Share on other sites

  • Solution

This works for my needs:


       function null_intval($int_string) {
           if ($int_string == "") return 'NULL';
           if ($int_string == null) return 'NULL';
           return mysql_real_escape_string($int_string);
Thanks again,
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.