PHP MySqli, SSL and mysqli_real_escape_string won't work

Question

When i connect to a external MySQL-DB (MariaDB 10) with PHP, MySQLI and activated SSL...:

    /* create a connection object which is not connected */
    $conn = new mysqli(); 
    $conn->init( );
    /* set connection options */ 
    $conn->options( MYSQLI_OPT_CONNECT_TIMEOUT, $timeout );
    /*connect to server*/
    $conn->real_connect($SQL_Server, $SQL_Benutzer, $SQL_Passwort, $SQL_Datenbank, 3306, NULL, MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);

...I can't use:

     mysqli_real_escape_string($conn, $_GET['clientid'])

...or...

     $conn->mysqli_real_escape_string($_GET['clientid'])

The result will be empty. When I disable SSL...:

     $conn->real_connect($SQL_Server, $SQL_Benutzer, $SQL_Passwort, $SQL_Datenbank, 3306);

...it will work.

On my iMac with XAMPP it will work with SSL-Connection too. Only when I upload the PHP-Script on my webspace (Strato www.strato.de) with PHP7.1 it won't work with SSL-Connection.

So, why can't I use "escape_string" with a ssl-connection on my webspace?

Edit:

This is, how i check for connection-error:

function sql_connect($Datenbank){
    $Servernr = get_ServerNr();
    $Server = get_Server($Servernr);
    $SQL_Servernr = $Server->Nr;
    $SQL_Server = $Server->Url;
    $SQL_Benutzer = $Server->Benutzer;
    $SQL_Passwort = $Server->Passwort;
    $SQL_Datenbank = $Datenbank;
    $timeout = 5;

    $conn = new mysqli(); 
    $conn->init( );
    $conn->options( MYSQLI_OPT_CONNECT_TIMEOUT, $timeout );
    $conn->real_connect($SQL_Server, $SQL_Benutzer, $SQL_Passwort, $SQL_Datenbank, 3306, NULL, MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);
    if ($conn->connect_errno) {
        echo $conn->connect_errno;
        die();
    }
    return $conn;
}

Edit 2:

Now I activated E_ALL-Error Reporting:

Notice: Use of undefined constant MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT - assumed 'MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT' in /mnt/web022/d2/18/51779718/htdocs/webservice_config/dbserver2.php on line 101

Warning: mysqli::real_connect() expects parameter 7 to be integer, string given in /mnt/web022/d2/18/51779718/htdocs/webservice_config/dbserver2.php on line 101

Warning: mysqli_real_escape_string(): invalid object or resource mysqli in /mnt/web022/d2/18/51779718/htdocs/webservice_imikelgo/test.php on line 34

Warning: mysqli_query(): invalid object or resource mysqli in /mnt/web022/d2/18/51779718/htdocs/webservice_imikelgo/test.php on line 38

Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in /mnt/web022/d2/18/51779718/htdocs/webservice_imikelgo/test.php:40 Stack trace: #0 {main} thrown in /mnt/web022/d2/18/51779718/htdocs/webservice_imikelgo/test.php on line 40

With XAMPP i don't get this notice. How i can fix this?

Does anything else on the connection work, i.e. any sort of query? — deceze, Aug 29 '17 at 13:06
Why are you not using parameterised queries? Because the queries have much parameter, like Id, uuid, client, network, xml, base64. Read the Manuel I do, but i don't find the problem. Does anything else on the connection work, i.e. any sort of query? I try it. One moment please. — Binarycoded_M, Aug 29 '17 at 13:09
"Having many parameters" isn't a valid reason not to use parameterised queries. — deceze, Aug 29 '17 at 13:24
See https://stackoverflow.com/questions/36493062/php-mysql-over-ssl-peer-certificate-did-not-match and http://news.php.net/php.bugs/201224 ... are you sure you're not using a PDO interface at all? I know it looks like you're not, but there are various related bugs about this specific flag and MySQL/PHP interactions. ... and if you're not verifying the certificate theres really not much point using SSL at all, you can quite easily be securely connecting to a MITM or an entirely different locale — Martin, Aug 29 '17 at 14:41

PHP MySqli, SSL and mysqli_real_escape_string won't work

0 Answers0