[SOLVED] how to call mysqli_real_escape_string???


darkfreaks

OK, so I am trying to call mysqli_real_escape_string(), but every time I call it in function fetch() it logs me out of the script and I cannot log in. So how do I call it?

 

 

Function Fetch:

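<?php

// Runs $query and returns one row, a list of rows, or false.
function fetch($query) {
  $db_server   = "localhost";
  $db_username = "****";
  $db_password = "****";
  $db_name     = "****";
  // A new connection is opened on every call.
  $con = mysqli_connect($db_server, $db_username, $db_password);
  mysqli_select_db($con, $db_name);
  if ($result = mysqli_query($con, $query)) {
    if (mysqli_num_rows($result) == 1) {
      // Exactly one row: return it as an associative array.
      return mysqli_fetch_assoc($result);
    } else if (mysqli_num_rows($result) > 1) {
      // Several rows: collect them into a list.
      $return = [];
      while ($row = mysqli_fetch_assoc($result)) {
        $return[] = $row;
      }
      return $return;
    }
  }
  // No rows, or the query failed.
  return false;
}
?>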

 

 

1. I don't understand why you're initializing a MySQL database connection within a function.

 

2. I don't see mysqli_real_escape_string inside that function.

 

3. If you do use it within that function, you're probably using it on the WHOLE query, not the individual values you're trying to test on.

 

GOOD:

// $con is the link returned by mysqli_connect()
$var1 = mysqli_real_escape_string($con, "omg`'%omg!");

$result = mysqli_query($con, "SELECT * FROM `tabname` WHERE `field` = '$var1'");

BAD:

$result = mysqli_query($con, mysqli_real_escape_string($con, "SELECT * FROM `tabname` WHERE `field` = 'omg`'%omg!'"));
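
The reply's three points put together, as an added example that is not code from either poster: the connection is opened once and passed in, and each value is escaped on its own. It goes one step beyond the thread by showing the same lookup with a prepared statement. The helper names `fetch_escaped` and `fetch_prepared`, the `DB_*` placeholders and the `utf8mb4` charset are assumptions; it expects a reachable MySQL server with the reply's `tabname` table and PHP 7.4+ with the mysqlnd driver.

```php
<?php
// Added example. `tabname`/`field` come from the reply; credentials are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Connect once, outside the helper, and pass the link in.
$con = mysqli_connect('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME');
mysqli_set_charset($con, 'utf8mb4'); // escaping follows the connection charset

// Escaping the whole statement also escapes the quotes that delimit the value:
//   ... WHERE `field` = \'omg`\'%omg!\'
// MySQL rejects that as a syntax error, mysqli_query() fails, and any check
// that depends on the returned row fails with it.

/**
 * Hypothetical helper: each %s in $template is replaced by one value that has
 * been escaped on its own and wrapped in single quotes. The SQL text itself
 * is never escaped. A literal % in $template must be written as %%.
 */
function fetch_escaped(mysqli $con, string $template, array $values = []): array
{
    $quoted = array_map(
        fn($v) => "'" . mysqli_real_escape_string($con, (string) $v) . "'",
        $values
    );
    $result = mysqli_query($con, vsprintf($template, $quoted));
    return mysqli_fetch_all($result, MYSQLI_ASSOC);
}

/** Hypothetical helper: same lookup with ? placeholders and bound values. */
function fetch_prepared(mysqli $con, string $sql, array $values = []): array
{
    $stmt = mysqli_prepare($con, $sql);
    if ($values) {
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    }
    mysqli_stmt_execute($stmt);
    return mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC);
}

$input = "omg`'%omg!"; // sample value from the reply
$a = fetch_escaped($con, "SELECT * FROM `tabname` WHERE `field` = %s", [$input]);
$b = fetch_prepared($con, "SELECT * FROM `tabname` WHERE `field` = ?", [$input]);
var_dump($a === $b); // compare the two result sets
```

Unlike the original fetch(), both helpers always return a list of rows, so callers test for an empty array rather than false.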
