{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 唯我独甜 的问题《mysql_real_escape_string() just makes an empty str》','https://www.manongdao.com/q-321127.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am using a jQuery AJAX request to a page called like.php that connects to my database and inserts a row. This is the like.php code:
<?php
// Some config stuff
define(DB_HOST, 'localhost');
define(DB_USER, 'root');
define(DB_PASS, '');
define(DB_NAME, 'quicklike');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die('ERROR: ' . mysql_error());
$sel = mysql_select_db(DB_NAME, $link) or die('ERROR: ' . mysql_error());
$likeMsg = mysql_real_escape_string(trim($_POST['likeMsg']));
$timeStamp = time();
if(empty($likeMsg))
die('ERROR: Message is empty');
$sql = "INSERT INTO `likes` (like_message, timestamp)
VALUES ('$likeMsg', $timeStamp)";
$result = mysql_query($sql, $link) or die('ERROR: ' . mysql_error());
echo mysql_insert_id();
mysql_close($link);
?>
The problematic line is $likeMsg = mysql_real_escape_string(trim($_POST['likeMsg']));. It seems to just return an empty string, and in my database under the like_message column all I see is blank entries. If I remove mysql_real_escape_string() though, it works fine.
Here's my jQuery code if it helps.
$('#like').bind('keydown', function(e) {
if(e.keyCode == 13) {
var likeMessage = $('#changer p').html();
if(likeMessage) {
$.ajax({
cache: false,
url: 'like.php',
type: 'POST',
data: { likeMsg: likeMessage },
success: function(data) {
$('#like').unbind();
writeLikeButton(data);
}
});
} else {
$('#button_container').html('');
}
}
});
All this jQuery code works fine, I've tested it myself independently.
Any help is greatly appreciated, thanks.
Do a var_dump of $_POST['likeMsg'], and a var_dump of $likeMsg. That gives you information on what goes wrong.
mysql_real_escape_string() will return blank response if you have not made connection to database ...
For people who might be finding this again now, I just ran into this problem as I'm migrating from PHP5 to PHP7. I'm changing from
string mysql_real_escape_string(string $unescaped, [resource $link = NULL])to:
string mysqli_real_escape_string(mysqli $link, string $escapestr)So, in other words, the database $link is no longer optional and moves to the first argument position. If left out, it returns an empty string, without an error, apparently.
Are you 1000% sure that
$_POST["likeMsg"]actually contains something?As for
mysql_real_escape_string()returning an empty value, the manual says there is only one situation where that can happen:this doesn't seem to be the case here though, as you do have a connection open. Strange.
As the other answers don't make clear what exactly to do, here's my:
When you do
you need to escape like this:
NOTE: Because people are downvoting this (WTF!?), here's the official page of the official php manual that says EXACTLY what i have posted: real_escape_string @ PHP Manual.