Jump to content

Recommended Posts

I have the following function, that I'm using to quote/escape on user submitted data I'm running a MySQLi query on:

 

function mysqli_sanitize($conn,$formValue){
$conn='$'.$conn;
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {	
$formValue = stripslashes($formValue);
}
$formValue = $conn->real_escape_string($formValue);
return $formValue;
}

 

Now in order to use MySQLi_real_escape_string I have to provide the connection variable, or I get a non-object error. How would I pass the connection variable name into the function? I tried the following, but I'm getting the non-object error.

 

$connection = mysqliCOE('db_name');
$sanitized_email=mysqli_sanitize("connection", "T'es'ts3e");
echo $sanitized_email;

Link to comment
https://forums.phpfreaks.com/topic/263573-mysqli_real_escape_string-function/
Share on other sites

If I try passing the connection variable as $connection in the function I get this:

 

Catchable fatal error: Object of class mysqli_errordisplay could not be converted to string in /home/zyquo/public_html/beta/test.php on line 5

 

 

function mysqli_sanitize($conn,$formValue){
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {	
$formValue = stripslashes($formValue);
}
$formValue = $conn->real_escape_string($formValue);
return $formValue;
}
$connection = mysqliCOE('db_name');
$sanitized_email=mysqli_sanitize("$connection", "T'es'ts3e");
echo $sanitized_email;

 

Line 5 is this: $sanitized_email=mysqli_sanitize("$connection", "T'es'ts3e");

class mysqli_errordisplay extends mysqli {
    public function __construct($host, $user, $pass, $db) {
        parent::__construct($host, $user, $pass, $db);

        if (mysqli_connect_error()) {
            die('Connect Error (' . mysqli_connect_errno() . ') '
                    . mysqli_connect_error());
        }
    }
}


function MysqliCOE($dbname){
$DBconnect = new mysqli_errordisplay('localhost', "user", "pass", $dbname);
return $DBconnect;
}

Sorry, missed that all together. Remove the quotes from around the $connection variable. It's not a string.

 

$sanitized_email=mysqli_sanitize($connection, "T'es'ts3e");

 

Perfect. Thanks. Thought I had to base it as a string and some how generate a new variable to be used on the real_escape_string function; Much simpler than I though.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.