pioneerx01 Posted January 30, 2014 Share Posted January 30, 2014 (edited) I am starting to work with MySQLi and so far so good. I am having issues with mysqli_real_escape_string in function. if(!function_exists('todatabase')) { function todatabase ($variable) { $variable = mysqli_real_escape_string($variable); return $variable; } } Every time I put something into database I run it through "todatabase" function, but if I have mysqli_real_escape_string in there the function does not execute. I also get no error messages and rest of the code runs to the end smooothly. I tried using: $variable = mysqli_real_escape_string($dbc, $variable); $variable = $dbc->real_escape_string($variable); But it did not work either. What am I missing? Edited January 30, 2014 by pioneerx01 Quote Link to comment Share on other sites More sharing options...
doddsey_65 Posted January 30, 2014 Share Posted January 30, 2014 (edited) mysqli_real_escape_string requires the database object as a first parameter. Can you show the code which defines $dbc? Also what do you mean by "the function doesnt execute"? What is the input variable and what are you expecting to be returned? Edited January 30, 2014 by doddsey_65 Quote Link to comment Share on other sites More sharing options...
pioneerx01 Posted January 30, 2014 Author Share Posted January 30, 2014 (edited) The connect code is DEFINE ('DBNAME', ''); DEFINE ('DBUSER', ''); DEFINE ('DBHOST', ''); DEFINE ('DBPW', ''); $dbc = mysqli_connect(DBHOST,DBUSER,DBPW,DBNAME); if (mysqli_connect_errno($con)) { echo "Could not connect to the database. <br/>"; exit(); die(); } else { mysqli_set_charset($dbc, "utf8"); } When I do this $dbc->query("UPDATE table SET `first_name` = '".todatabase($first_name)."' WHERE ID = '#' "); first_name remains the same and does not change, no errors though. (errors are not supressed) Edited January 30, 2014 by pioneerx01 Quote Link to comment Share on other sites More sharing options...
doddsey_65 Posted January 30, 2014 Share Posted January 30, 2014 And what is $first_name? What does it contain? Also, no need to use die() and exit(), they are the same function. Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted January 30, 2014 Share Posted January 30, 2014 (edited) you need to pass the $dbc variable into the function as a call time parameter. you also need to turn on php's error_reporting/display_errors to get php to help you. you would be getting several php error's when you tried to use $dbc inside the function. lastly, for a user written function, there's no good reason to test if it doesn't exist before defining it. that's just more lines of code to clutter up what you are doing. Edited January 30, 2014 by mac_gyver Quote Link to comment Share on other sites More sharing options...
davidannis Posted January 30, 2014 Share Posted January 30, 2014 $dbc->query("UPDATE table SET `first_name` = '".todatabase($first_name)."' WHERE ID = '#' "); is there a record in the database that matches the WHERE clause? Quote Link to comment Share on other sites More sharing options...
Solution pioneerx01 Posted January 30, 2014 Author Solution Share Posted January 30, 2014 (edited) Oh yes, I could do just that. Why did't I think of that: function todatabase ($dbc, $variable) { $variable = preg_replace('/\s+/', ' ', $variable); $variable = mysqli_real_escape_string($dbc, $variable); return $variable; } $dbc->query("UPDATE table SET `first_name` = '".todatabase($dbc, $first_name)."' WHERE ID = '#' "); Thank you all. Edited January 30, 2014 by pioneerx01 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.