mysql_real_escape_string is undefined

Question

I am using PHP version 5.3 and trying to use mysql_real_escape_string($unescaped_string) in my code, but I get the error:

Fatal error: Call to u         


        

Answer 1

MySQL extension is deprecated since PHP 5.5. mysql_real_escape_string() is therefore not available in PHP 7. This means that user input cannot be escaped correctly and leaves the code open to SQL injection attacks.

The PHP-official solution is to replace ext/mysql with MySQLi, PDO or other supported database extension.

To prevent SQL injection attacks, it is recommended to use prepared statements and parameterized queries when talking to the database.