Jump to content

mysqli_real_escape_string function

HDFilmMaker2112

By HDFilmMaker2112
in PHP Coding Help

 Share

Recommended Posts

HDFilmMaker2112 Advanced Member

HDFilmMaker2112

Posted
Posted

I have the following function, that I'm using to quote/escape on user submitted data I'm running a MySQLi query on:

 

function mysqli_sanitize($conn,$formValue){
$conn='$'.$conn;
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {	
$formValue = stripslashes($formValue);
}
$formValue = $conn->real_escape_string($formValue);
return $formValue;
}

 

Now in order to use MySQLi_real_escape_string I have to provide the connection variable, or I get a non-object error. How would I pass the connection variable name into the function? I tried the following, but I'm getting the non-object error.

 

$connection = mysqliCOE('db_name');
$sanitized_email=mysqli_sanitize("connection", "T'es'ts3e");
echo $sanitized_email;

Link to comment
https://forums.phpfreaks.com/topic/263573-mysqli_real_escape_string-function/
Share on other sites
HDFilmMaker2112 Advanced Member

HDFilmMaker2112

Posted
  • Author
Posted

If I try passing the connection variable as $connection in the function I get this:

 

Catchable fatal error: Object of class mysqli_errordisplay could not be converted to string in /home/zyquo/public_html/beta/test.php on line 5

 

 

function mysqli_sanitize($conn,$formValue){
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {	
$formValue = stripslashes($formValue);
}
$formValue = $conn->real_escape_string($formValue);
return $formValue;
}
$connection = mysqliCOE('db_name');
$sanitized_email=mysqli_sanitize("$connection", "T'es'ts3e");
echo $sanitized_email;

 

Line 5 is this: $sanitized_email=mysqli_sanitize("$connection", "T'es'ts3e");

HDFilmMaker2112 Advanced Member

HDFilmMaker2112

Posted
  • Author
Posted 
class mysqli_errordisplay extends mysqli {
    public function __construct($host, $user, $pass, $db) {
        parent::__construct($host, $user, $pass, $db);

        if (mysqli_connect_error()) {
            die('Connect Error (' . mysqli_connect_errno() . ') '
                    . mysqli_connect_error());
        }
    }
}


function MysqliCOE($dbname){
$DBconnect = new mysqli_errordisplay('localhost', "user", "pass", $dbname);
return $DBconnect;
}

HDFilmMaker2112 Advanced Member

HDFilmMaker2112

Posted
  • Author
Posted

Sorry, missed that all together. Remove the quotes from around the $connection variable. It's not a string.

 

$sanitized_email=mysqli_sanitize($connection, "T'es'ts3e");

 

Perfect. Thanks. Thought I had to base it as a string and some how generate a new variable to be used on the real_escape_string function; Much simpler than I though.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.