galvin Posted November 13, 2014 Share Posted November 13, 2014 I am updating all my code from mysql to mysqli. Currently using PHP 5.4 but will update to 5.5 once all this updating is done. Anyway, I have this old function for making data safe for inserting into mysql database. I changed all instances of "mysql" to "mysqli"... function mysqli_prep($value) { $magic_quotes_active = get_magic_quotes_gpc(); $new_enough_php = function_exists("mysqli_real_escape_string") ; //i.e. PHP >= v4.3.0 if($new_enough_php) { //PHP v4.3.0 or higher //undo any magic quote effects so mysqli_real_escape_string can do the work if($magic_quotes_active) { $value = stripslashes($value) ;} $value = mysqli_real_escape_string($connection, $value); } else { //before php v4.3.0 // if magic quotes aren;t already on then add slashes manually if(!magic_quotes_active) { $value = addslashes($value); } // if magic quotes are active, then the slashes already exist } return $value; } When I load that page that calls this function, I get... Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in (mypath) This is my $connection by the way, which works fine on other pages that need it... $connection = mysqli_connect('localhost', 'myusername', 'mypassword', 'mytable'); if (!$connection) { die("database connection failed: " . mysqli_error()); } Any ideas what I'm doing wrong? Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 13, 2014 Share Posted November 13, 2014 Functions have their own variable scope. You need to pass $connection to your mysqli_prep function as an argument. You should ideally use prepared statements rather than escaping the values manually. 1 Quote Link to comment Share on other sites More sharing options...
malma Posted March 4, 2015 Share Posted March 4, 2015 I'm sorry to have posted the same post similar to this but I'm seeing my problem is extarctly like galvin's. Anyone with solution please your help will be appreciated. Quote Link to comment Share on other sites More sharing options...
CroNiX Posted March 4, 2015 Share Posted March 4, 2015 It's just what Ch0cu3r said, the mysqli_prep() function had no knowledge of the $connection variable, as it was defined outside of the function but not passed to the function where it was used. Ch0cu3r also posted links explaining variable scope. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.