sorenchr Posted December 25, 2008 Share Posted December 25, 2008 Hi, i'm currently using a class system to handle my database functions. Whenever i wanna insert a value into the db, i use the mysql_real_escape string. According to the PHP manual, the function should be accompanied by a connection (ie. mysql_real_escape string($var, $connection)), but what if i've already established a connection to my db in the class constructor? Can i then leave out the $connection value in the function? Link to comment https://forums.phpfreaks.com/topic/138397-using-mysql_real_escape_string-properly/ Share on other sites More sharing options...
corbin Posted December 25, 2008 Share Posted December 25, 2008 If $connection is omitted, the most recently opened connection is assumed. So, you really should supply it some how or other if you ever open more than 1 connection (or think you might, since your class should have that capability). Why not just assign the connection to a variable or something? Or add an escape method to the class? Example: class SomeDB { private $link = false; function __construct($link) { //$link could of course be settings instead and the link could be made in the DB class. That's similar to how I would do it. I wouldn't pass a link to the DB class. $this->conn = $link; } function escape($s) { return mysql_real_escape_string($s, $this->conn); } } Link to comment https://forums.phpfreaks.com/topic/138397-using-mysql_real_escape_string-properly/#findComment-723629 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.