-2

So I'm running the code from this link for testing, trying to learn how sessions work. https://www.formget.com/login-form-in-php/

and I'm getting an error message

Fatal error: Uncaught Error: Call to undefined function mysql_real_escape_string() in :20 Stack trace: #0 : include() #1 {main} thrown in on line 20

its to do with the mysql_real_escape_string() in the login.php file but I'm unsure what's wrong with it. As it protects against MySQL injections, has this function been renamed since the tutorial was posted or something?

Edit: This is not a duplicate as I'm not asking how to protect against MySQL injections I was asking whether the function had been removed

Stanley Roy Chilton
  • 71
  • 14
  • it does not protect you. use prepared statements. Also most likely you are on php version 7+. Consider this a blessing in disguise. – Rotimi Feb 01 '18 at 08:09
  • 2
    Since the tutorial was posted the mysql extension was __removed__. – u_mulder Feb 01 '18 at 08:09
  • https://stackoverflow.com/questions/1205889/how-to-prevent-code-injection-attacks-in-php – aaa Feb 01 '18 at 08:09
  • 1
    You are using [an obsolete database API](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) and should use a [modern replacement.](http://php.net/manual/en/mysqlinfo.api.choosing.php) – Ravi Sachaniya Feb 01 '18 at 08:11

1 Answers1

1

mysql_ has been deprecated since 5.5:

The mysql extension has been deprecated since PHP 5.5. The mysqli or PDO extension should be used instead. The deprecation has been decided in mysql_deprecation, where a discussion of the reasons behind this decision can be found.

and removed in PHP 7.

mysql_real_escape_string() is standard part of MySQL function "batch" and should always work if the extension is loaded correctly.

Does any another mysql_ function work? (It should not)

Make sure, that you have this line uncommented in your php.ini:

extension=mysql.so

Also it'd be wise to use mysqli or PDO instead (mysql_ is deprecated), they both can take care of escaping for you.

Exprator
  • 26,992
  • 6
  • 47
  • 59