Error once more :(

[bladewolf2010]

Fatal error:  Call to undefined function  mysql_safe() in /home/rainofhe/public_html/jailbust.php  on line 22

 

This function mysql_safe() thing pops up alot :/ how do i fix?

[Dillion & Amanda 4 Lif]

I haven't seen anything regarding mysql_safe() anywhere until now. Are you sure your not using a function called mysql_safe()?

[sniko]

Your using the function mysql_safe in your code and you havent made it a function.

[bladewolf2010]

What would the function be then :/

[Dominion]

well how are you using it in the code?

the one that comes with v2 but is called mysql_escape you may want that?

[Brad]

Yeah mysql_escape or u will have to change it all but i dont have v2. but still make mods for it

[Dillion & Amanda 4 Lif]

Yeah mysql_escape or u will have to change it all but i dont have v2. but still make mods for it

Your mods are not really even mods, no offense. and i believe the proper MC term is $db->escape

[Danny696]

For god sake its $db->escape

[Dominion]

thats mres via the class file v2 has a function called mysql_escape thats in the global_func.php file

function mysql_escape($str)
{
return str_replace("'","''",$str);
}

[Brad]

oh yeah i using lite so i keep doing that lol

[Dillion & Amanda 4 Lif]

The most up-to-date version is mysql_real_escape_string anyway. People seem to use the easy way out.

[Brad]

Lol and about my mods yeah there not really mods but im not a that good coder yet i want to get better

[Djkanna]

The only thing I can think mysql_safe could be is mysql_close or mysql_free_result :S

Now how about showing us how your using it?

The most up-to-date version is mysql_real_escape_string anyway. People seem to use the easy way out.

Nothing about mysql_* is up-to-date..

Ps:

$db->escape() is just mysql_real_escape_string() with a shorter name..

[Dominion]

@snake

no mysql_real_escape_sting is a php function a self made function that comes with and is used in mccodes v2 is mysql_escape (also in v1/lite i think) the class folder defines $db->escape as mysql_real_escape_string if you hold v2 look in the global_func file for it its not a good function and i do not use it however it is there and is used inside the base v2 script i fail to see how its an easy way out if its already being used inside v2?

also yes please post the line/page its being used in please

[bladewolf2010]

$_GET['ID']=mysql_safe($_GET['ID']);

 

Thats for iteminfo.php

[Dillion & Amanda 4 Lif]

function mysql_escape($str)
{
return str_replace("'","''",$str);
}

 

Based on that all it does is add a quote after the one quote. it isnt escaping anything

[Dominion]

not sure whats its ment to be now...

$_GET['ID'] = abs(intval($_GET['ID']));

 

makes sure its a number i assume thats what your checking

@snake

it takes out the ' before saving to the database

[Dillion & Amanda 4 Lif]

not sure whats its ment to be now...

$_GET['ID'] = abs(intval($_GET['ID']));

 

makes sure its a number i assume thats what your checking

I believe $_GET['ID']+=0; works as well.

[Djkanna]

function mysql_safe($var) {
if(!filter_var($var, FILTER_VALIDATE_INT)) {
return false;
} else {
return abs(filter_var($var, FILTER_SANITIZE_NUMBER_INT));
}

[Dominion]

its not used on my copy anymore however it is there since theres no point in taking it out (well the 0.000000001 sec on the speed)

[bladewolf2010]

Thanks DJ :)

One more thing

Does this even help secure

[Djkanna]

It just makes sure whatever is passed in is a number :)

[bladewolf2010]

oh otay thank you :)

[Djkanna]

:)