Using mysql_real_escape_string properly?

[sorenchr]

Hi, i'm currently using a class system to handle my database functions. Whenever i wanna insert a value into the db, i use the mysql_real_escape string. According to the PHP manual, the function should be accompanied by a connection (ie. mysql_real_escape string($var, $connection)), but what if i've already established a connection to my db in the class constructor? Can i then leave out the $connection value in the function?

[corbin]

If $connection is omitted, the most recently opened connection is assumed.  So, you really should supply it some how or other if you ever open more than 1 connection (or think you might, since your class should have that capability).

 

Why not just assign the connection to a variable or something?  Or add an escape method to the class?  Example:

 

class SomeDB {
    private $link = false;
    function __construct($link) {
         //$link could of course be settings instead and the link could be made in the DB class.  That's similar to how I would do it.  I wouldn't pass a link to the DB class.
        $this->conn = $link;
    }

    function escape($s) {
        return mysql_real_escape_string($s, $this->conn);
    }
}