Replacing mysql_real_escape_string in WordPress theme

I’m having an issue with mysql_real_escape_string. This is used to display a custom post type (food menu items) for the WooThemes Diner theme. Food menu items no longer display on the Diner menu page because they are being called with mysql_real_escape_string.

What is the proper way to call these items?

Theme: Diner by WooThemes version 1.9.8 (now retired from active support)

Affected file: admin-interface.php

Lines: 111 & 118

/*-----------------------------------------------------------------------------------*/
/* WooThemes Admin Interface - woothemes_add_admin */
/*-----------------------------------------------------------------------------------*/

if ( ! function_exists( 'woothemes_add_admin' ) ) {
function woothemes_add_admin() {

    global $query_string;
    global $current_user;
    $current_user_id = $current_user->user_login;
    $super_user = get_option( 'framework_woo_super_user' );

    $themename =  get_option( 'woo_themename' );
    $shortname =  get_option( 'woo_shortname' );

    // Reset the settings, sanitizing the various requests made.
    // Use a SWITCH to determine which settings to update.

    /* Make sure we're making a request.
------------------------------------------------------------*/

    if ( isset( $_REQUEST['page'] ) ) {

        // Sanitize page being requested.
        $_page="";

        $_page = mysql_real_escape_string( strtolower( trim( strip_tags( $_REQUEST['page'] ) ) ) );

        // Sanitize action being requested.
        $_action = '';

        if ( isset( $_REQUEST['woo_save'] ) ) {

            $_action = mysql_real_escape_string( strtolower( trim( strip_tags( $_REQUEST['woo_save'] ) ) ) );

        } // End IF Statement

        // If the action is "reset", run the SWITCH.

        /* Perform settings reset.
    ------------------------------------------------------------*/

3 Answers

As mysql_real_escape_string() was deprecated in PHP 5.5.0 and removed in PHP 7.0.0, you can try esc_sql(), which works with later WP/PHP versions.

Replace mysql_real_escape_string() with esc_sql() at lines 111 & 118 in your admin-interface.php file.

Hope this works well for you!
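
Added example (not part of the original post or the WooThemes code): the two lines from the question rewritten with WordPress's request-sanitizing functions, with SQL handling kept for the point where a value actually enters a query. It assumes WordPress is loaded and that `$_page` and `$_action` are only compared against known strings, as the visible comments suggest; the helper name `woo_example_request_value()` and the sample query are hypothetical.

```php
<?php
// Added example, not WooThemes code. Assumes WordPress is loaded (for
// instance, this runs inside the theme's admin-interface.php), so that
// wp_unslash(), sanitize_text_field() and $wpdb are available.

/**
 * Hypothetical helper: read one request parameter as a trimmed, tag-free,
 * lowercase string. This mirrors the strip_tags()/trim()/strtolower() chain
 * from lines 111 and 118 without calling any mysql_* function.
 */
function woo_example_request_value( $name ) {
    // A missing parameter, or one sent as an array (?page[]=x), becomes ''.
    if ( ! isset( $_REQUEST[ $name ] ) || ! is_string( $_REQUEST[ $name ] ) ) {
        return '';
    }

    // WordPress adds slashes to request data; remove them before sanitizing.
    $value = wp_unslash( $_REQUEST[ $name ] );

    // sanitize_text_field() strips tags and line breaks and trims whitespace.
    return strtolower( sanitize_text_field( $value ) );
}

// Replacement for line 111.
$_page = woo_example_request_value( 'page' );

// Replacement for line 118.
$_action = woo_example_request_value( 'woo_save' );

// Values that are only compared in PHP need no SQL escaping at all.
$is_reset = ( 'reset' === $_action );

// If a request value does have to reach the database, bind it with
// $wpdb->prepare() instead of escaping it into the query string.
// Constructed query, for illustration only.
global $wpdb;
$post_id = $wpdb->get_var(
    $wpdb->prepare(
        "SELECT ID FROM {$wpdb->posts} WHERE post_name = %s LIMIT 1",
        $_page
    )
);
```
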
