Use of real_escape_string with mysqli object

Posted on 2008-10-13
Medium Priority
Last Modified: 2013-12-12
I keep getting the following error message when I call the mysqli function real_escape_string as shown in the code below:

"Fatal error: Call to a member function real_escape_string() on a non-object in /(HOST ADDRESS OMITTED)/processExpertZoneForm.php5 on line 15"

The database opens OK because without the call to the real_escape_string function everything appears to be fine. I'm sure that there's something elementary that I'm missing here!

// Open database connection
@ $db = new mysqli('a', 'b', 'c', 'd');    // CONNECTION DETAILS OMITTED
function clean_data($string) {
  if (get_magic_quotes_gpc()) $string = stripslashes($string);
  $string = htmlentities($string);	// if text contains markup, neutralize it by conversion to html entities prior to insertion
  return $db->real_escape_string($string);
}
function remove_headers($string) {
  $headers = array("/to\:/i","/from\:/i","/bcc\:/i","/cc\:/i","/Content\-Transfer\-Encoding\:/i","/Content\-Type\:/i","/Mime\-Version\:/i");
  return preg_replace($headers, '', $string);
}
// Clean up the form data prior to insertion in the database
$topic = $_POST['topic'];	// numeric primary key value
$nameA = clean_data($_POST['name']);
$qEmailA = clean_data($_POST['email']);	// questioner's email address goes into database
$questionA = clean_data($_POST['question']);
// Insert values into database
$query = "INSERT INTO expertZone_QandA VALUES ('','".$topic."','".$questionA."','','".$nameA."','".$qEmailA."')";
$result = $db->query($query);
if ($result) {
	echo '<p>ITEM ADDED</p>';
	echo '<p>$name = '.$nameA.'</p>';
	echo '<p>$qEmail = '.$qEmailA.'</p>';
	echo '<p>$question = '.$questionA.'</p>';
	echo '<p>$topic_pk = '.$topic.'</p>';
}
// Close database connection
$db->close();


Question by:kcalder

Accepted Solution

Xavior2K3 earned 500 total points
ID: 22702100
This is happening because the global variable $db isn't accessible from within the function, so try adding "global $db;" before you call the real_escape_string function. Hope this helps!
function clean_data($string) {
   if (get_magic_quotes_gpc()) $string = stripslashes($string);
   $string = htmlentities($string); // if text contains markup, neutralize it by conversion to html entities prior to insertion
   global $db; // Allow function access to global $db variable
   return $db->real_escape_string($string);
}



Author Closing Comment

ID: 31406294
Your solution works fine, thank you. However, I don't quite understand why the global variable is not within scope when used in the function since it is a global.

Expert Comment

ID: 22702540
Yes it does seem a bit strange compared to other languages, but it's the way things go with PHP! Perhaps to try and reduce the use of global variables which has always been seen as a bad way of doing things. Not that I entirely agree with that though!

In the PHP documentation it states:

"...within user-defined functions a local function scope is introduced. Any variable used inside a function is by default limited to the local function scope."

Therefore it only looks within the function's scope for the variable $db when it is referenced. You can either declare the variable using the 'global' keyword within the function body, or use the $_GLOBALS variable to access the variable from within a function or within a class method.

Glad you've got it working!
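
An alternative to `global $db;`, as an added example that is not part of the original thread: the connection is passed to the function as an argument, and the INSERT uses a prepared statement so that `$topic` and the text fields are bound instead of concatenated into the query. It assumes PHP 7 or later and a table that accepts the same positional values as the question's query; `insert_question` and the connection placeholders are hypothetical.

```php
<?php
// Added example, not code from the thread. Connection details are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Insert one question row (hypothetical helper). The connection arrives as a
 * parameter, so the function never depends on a global $db being in scope.
 */
function insert_question(mysqli $db, array $post): bool
{
    // The numeric primary key is validated as an integer, not trusted as-is.
    $topic = filter_var($post['topic'] ?? null, FILTER_VALIDATE_INT);
    if ($topic === false) {
        return false;
    }
    // Reject missing or non-string fields (e.g. name[]=x submitted as an array).
    foreach (['name', 'email', 'question'] as $field) {
        if (!is_string($post[$field] ?? null)) {
            return false;
        }
    }
    $name     = $post['name'];
    $email    = $post['email'];
    $question = $post['question'];

    // Same table and positional column order as the question's INSERT. Values
    // travel as bound parameters, so real_escape_string() is not needed.
    $stmt = $db->prepare(
        "INSERT INTO expertZone_QandA VALUES ('', ?, ?, '', ?, ?)"
    );
    $stmt->bind_param('isss', $topic, $question, $name, $email);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

$db = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
$db->set_charset('utf8mb4');

if (insert_question($db, $_POST)) {
    // Raw text is stored; HTML encoding happens here, at output time.
    echo '<p>ITEM ADDED</p>';
    echo '<p>$name = ' . htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8') . '</p>';
} else {
    echo '<p>Invalid form data</p>';
}
$db->close();
```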
