Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

mysql_real_escape_string() security string is deprecated


Recommended Posts

According to: http://www.php.net/manual/en/function.mysql-real-escape-string.php mysql_real_escape_string() is deprecated.


I've tried this addon to switch to the mysqli version: http://addons.oscommerce.com/info/8168



Yields the following:

Warning: mysqli_error() expects parameter 1 to be mysqli, null given in /home/**/includes/functions/database.php on line 138


So, I tried to change:

return mysqli_fetch_array($db_query, $type);


return mysqli_fetch_array($db_query, $type) or die("Error: ".mysqli_error($$link));

..the error line says: Error: [blank]


I also tried to add:

global $$link;

inside the function tep_db_fetch_array() function, no luck.



Hoping somebody out there has either solved this on their own site or can offer any tips on what to do?

Link to comment
Share on other sites

You need to convert all of your database functions to mysqli, starting with mysqli_connect() instead of mysql_connect(); Also your parameters are incorrect; the first one needs to be $$link.




See my profile for a list of my addons and ways to get support.

Link to comment
Share on other sites

Which parameter is inccorect? I copied the lines directly from the contribution. (The point of the contribution was changing from mysql to mysqli)


Adding $$link to mysqli_fetch_array() throws an error that there can only be 1 paramter.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...