mysql_real_escape_string问题？

Question

This is the first time this has ever happened, and its really weird.

We have been using this function for years, and we are using it everywhere on this site.. although one particilar part of the site - it is causing mySQL errors.

function noescape($str) {
$noescape = mysql_real_escape_string($str);
return $noescape;
}

$email = noescape($_POST['email']);

mysql_query("INSERT INTO `contact` (`email`) VALUES('" . $email . "') ", $database) or die(mysql_error());

Yes, $database is defined and it is the right connection info - it is used in other areas of the site.

Error:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/user/public_html/config.php on line 27

Infact, the error happens on this line:

$email = noescape($_POST['email']);

It is nothing to do with the query.

I found this: http://www.resourcebookingpro.com/index.php?option=com_kunena&Itemid=66&func=view&catid=3&id=841#844

What is wrong??

Answer 1

Things above this in the page are using the same connection and it is working fine...

Well, you have to check the code above this line to see where connection gets closed.

Answer 2

I think you must specified mysql link correctly (as said in comments)

function noescape($str) {
global  $database;
$noescape = mysql_real_escape_string($str, $database);
return $noescape;
}

$email = noescape($_POST['email']);

mysql_query("INSERT INTO `contact` (`email`) VALUES('" . $email . "') ", $database) or die(mysql_error());

Answer 3

The real escape string method does rely on db connection. I believe $database is global to the application, so simply put a if statement in noescape method to test if its null like so:

if($database)
{
  $noescape = mysql_real_escape_string($str, $database);
  return $noescape;
}

I agree with everyone else's thoughts; but I do think you should check for null.

Good luck