Mysql_real_escape_string() Syntax

First let's take a quick look at how the manual says that mysql_real_escape_string() is supposed to be used. Check out the prototype below and notice the "resource link_identified" that is given as the second argument.

mysql_real_escape_string 
   ( string [, resource link_identifier] )

This resource link_indentifier is actually the id that is returned from a call to mysql_connect(). What this means is that, for whatever reason, mysql_real_escape_string() actually uses your connection to a database to function. The protoype lists the resource link_identifier as optionial but you still need to have an open connection with MySQL to make mysql_real_escape_string() work.

It is a common error to place calls to the mysql_real_escape_string() function before a link to the database is established. This will without exception generate the standard "mysql_real_escape_string(): Access denied for user" error message. Try moving all calls to this function below a connection to a MySQl database. Basically, move it down below the part in the code that reads something like "$link=mysql_connect('localhost', 'mysql_user', 'mysql_password');".

If this will not work then you can try moving the "$link=mysql_connect('localhost', 'mysql_user', 'mysql_password');" up in the code so that it is before any calls to mysql_real_escape_string(). I hope this is helpful to somebody. I know in the past I've spent alot of time trying to figure little things like this out.