Note that the first line definitely successfully opens a connection. Here is the errors I get when I try this…
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user ‘ODBC’@‘localhost’ (using password: NO) in C:\wamp\www\awesome\awesome\includes\usermgr.php on line 187
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\wamp\www\awesome\awesome\includes\usermgr.php on line 187
I figured I’d include the DBManager class in case maybe it has something to do with the way I’m connecting to the DB. I’ve tested this class and the getConn() method and it definitely gets a connection. I was able to connect and run queries on the database. Anyway, here’s the code…
class DBManager
{
private static $s_conn;
public static function getConn()
{
if (DBManager::$s_conn === NULL)
{
$conn = @new mysqli(DB_HOST, DB_USER, DB_PASS, DB_DBASE);
if (mysqli_connect_errno() !== 0)
{
$msg = mysqli_connect_error();
throw new DatabaseErrorException($msg);
}
@$conn->query('SET NAMES \\'utf8\\'');
DBManager::$s_conn = $conn;
}
return DBManager::$s_conn;
}
}
it is not really about security. it is about SQL syntax.
There are some special characters that must be escaped with backslash to make syntax of query correct.
So, mysql_real_escape_string does the thing
I guess what I was really asking is what’s the difference between mysql_real_escape_string and real_escape_string and why is only real_escape_string working for me? Is mysql_real_escape_string from an older MySQL extension or something?