PHP: mysql_real_escape_string is not working in version 7.2

Van N
Van N used Ask the Experts™
Dear Experts,

I have the following codes used to work in PHP 5.0 and suddenly it stop working after I upgraded to PHP 7.2
$query_sql = "SELECT * FROM wp_posts WHERE post_title = %s ORDER BY post_title;";
$query = sprintf($query_sql, mysql_real_escape_string($name));
$postquery = $wpdb->get_results("{$wpdb->prepare($query)}");

echo 'Rows: ' . count($postquery);

The row count return 0.

Please help. Thank you in advance.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®


Hi lenamtl,

Would you show me some sample codes?

Hi, I'm using PDO.

You will need to adapt all the MySQL request, PHP code and DB connection.
If you are using PHP Storm there is a way to find the code which is not compatible with v7.

You can check a good tutorial here about PDO

You will learn how it work with the prepared statement
DB connection and everything you will need to know,  there is some learning curve

There are some great tutorial on Udemy

I just realized that you are using WP, so you will need to update Wordpress to the latest version and adapt all your custom code.
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.



I already upgraded the WordPress to the current version 5.0.3.

Where this MySQL request come from?


WordPress custom template.
Ok then you will need to adapt all your custom template PHP code / MySQL request code to be compatible
or you can use a new theme

This can take a lot of time depending of the theme so I would use a new one and adapt or hire a dev to fix it

There is a tool that you can use to check PHP compatibility


Got it. Thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial