HDFilmMaker2112 Posted June 3, 2012 Share Posted June 3, 2012 I have the following function, that I'm using to quote/escape on user submitted data I'm running a MySQLi query on: function mysqli_sanitize($conn,$formValue){ $conn='$'.$conn; if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $formValue = stripslashes($formValue); } $formValue = $conn->real_escape_string($formValue); return $formValue; } Now in order to use MySQLi_real_escape_string I have to provide the connection variable, or I get a non-object error. How would I pass the connection variable name into the function? I tried the following, but I'm getting the non-object error. $connection = mysqliCOE('db_name'); $sanitized_email=mysqli_sanitize("connection", "T'es'ts3e"); echo $sanitized_email; Link to comment https://forums.phpfreaks.com/topic/263573-mysqli_real_escape_string-function/ Share on other sites More sharing options...
trq Posted June 3, 2012 Share Posted June 3, 2012 Your passing the string "connection", not the connection resource that the function actually requires. On top of that, you never actually use the $conn variable anyway. Link to comment https://forums.phpfreaks.com/topic/263573-mysqli_real_escape_string-function/#findComment-1350767 Share on other sites More sharing options...
HDFilmMaker2112 Posted June 3, 2012 Author Share Posted June 3, 2012 If I try passing the connection variable as $connection in the function I get this: Catchable fatal error: Object of class mysqli_errordisplay could not be converted to string in /home/zyquo/public_html/beta/test.php on line 5 function mysqli_sanitize($conn,$formValue){ if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $formValue = stripslashes($formValue); } $formValue = $conn->real_escape_string($formValue); return $formValue; } $connection = mysqliCOE('db_name'); $sanitized_email=mysqli_sanitize("$connection", "T'es'ts3e"); echo $sanitized_email; Line 5 is this: $sanitized_email=mysqli_sanitize("$connection", "T'es'ts3e"); Link to comment https://forums.phpfreaks.com/topic/263573-mysqli_real_escape_string-function/#findComment-1350770 Share on other sites More sharing options...
trq Posted June 3, 2012 Share Posted June 3, 2012 What does mysqliCOE() return? Link to comment https://forums.phpfreaks.com/topic/263573-mysqli_real_escape_string-function/#findComment-1350772 Share on other sites More sharing options...
HDFilmMaker2112 Posted June 3, 2012 Author Share Posted June 3, 2012 class mysqli_errordisplay extends mysqli { public function __construct($host, $user, $pass, $db) { parent::__construct($host, $user, $pass, $db); if (mysqli_connect_error()) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } } } function MysqliCOE($dbname){ $DBconnect = new mysqli_errordisplay('localhost', "user", "pass", $dbname); return $DBconnect; } Link to comment https://forums.phpfreaks.com/topic/263573-mysqli_real_escape_string-function/#findComment-1350773 Share on other sites More sharing options...
trq Posted June 3, 2012 Share Posted June 3, 2012 Sorry, missed that all together. Remove the quotes from around the $connection variable. It's not a string. $sanitized_email=mysqli_sanitize($connection, "T'es'ts3e"); Link to comment https://forums.phpfreaks.com/topic/263573-mysqli_real_escape_string-function/#findComment-1350774 Share on other sites More sharing options...
HDFilmMaker2112 Posted June 3, 2012 Author Share Posted June 3, 2012 Sorry, missed that all together. Remove the quotes from around the $connection variable. It's not a string. $sanitized_email=mysqli_sanitize($connection, "T'es'ts3e"); Perfect. Thanks. Thought I had to base it as a string and some how generate a new variable to be used on the real_escape_string function; Much simpler than I though. Link to comment https://forums.phpfreaks.com/topic/263573-mysqli_real_escape_string-function/#findComment-1350775 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.