mysqli_real_escape_string() returns empty string

Question

I'm using mysqli_real_escape_string() on an email address, and it returns an empty string. It does this with any email address.

<?php
//from previous page - submitted by user.
$_POST['email']="aehmlo@aehmlo.com";
$_POST['password']='mypass1234';




//Link, I can verify it works.
$mysql_info=array(
     "url"=>"url",
     "username"=>"username",
     "password"=>"password",
     "database"=>"database"
);
$link=mysqli_connect($mysql_info['url'],$mysql_info['username'],$mysql_info['password'],$mysql_info['database']);


//Now I attempt to sanitize the user input.
$email=mysqli_real_escape_string($link,$_POST['email']);
$password=sha1(mysqli_real_escape_string($link,$_POST['password']));
var_dump($email);
var_dump($password);?>

My table's collation is "latin1_swedish_ci".

Sorry, my question is: Why does this return an empty string, and what can I do to fix it? — Aehmlo, Mar 04 '13 at 03:21
You mean like error_reporting(E_ALL);? Already did. Nothing. — Aehmlo, Mar 04 '13 at 03:25
Please follow the error handler for checking the connection in my answer below. — Kermit, Mar 04 '13 at 03:28

score 9 · Accepted Answer · answered Mar 04 '13 at 03:24

9

If your connection is empty ($link), it will return an empty string. I tested this and it worked fine. I would recommend that you add error handling to your connection and enable error reporting.

<?php
$link = mysqli_connect("localhost", "root", "root", "test");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$_POST['email'] = "aehmlo@aehmlo.com";

$email = mysqli_real_escape_string($link, $_POST['email']);

var_dump($email);

mysqli_close($link);
?>

Result

string(17) "aehmlo@aehmlo.com"

answered Mar 04 '13 at 03:24

Kermit

33,206
11
83
119

Turns out my web host changed the socket's location without telling me. Thanks. – Aehmlo Mar 04 '13 at 03:31
It's always best to implement an error handler. In this case, it would have pointed you to the connection. – Kermit Mar 04 '13 at 03:31
I had one implemented, then took it out for production. – Aehmlo Mar 04 '13 at 03:36
You can turn on/off error reporting in the script so that when it goes into production you can disable it. – Kermit Mar 04 '13 at 03:37

score -1 · Answer 2 · edited Jul 25 '17 at 20:41

-1

I had this problem and found that my character set was set to latin. Solved by putting

$con->set_charset("utf8");

before the real_escape_string. Would be mysqli_set_charset in procedural style.

edited Jul 25 '17 at 20:41

o-90

15,749
10
40
61

answered Jul 25 '17 at 20:30

Frank Ahearn

1

mysqli_real_escape_string() returns empty string

2 Answers2

Linked

Related