• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1541
  • Last Modified:

Use of real_escape_string with mysqli object

I keep getting the following error message when I call the mysqli function real_scape_string as shown in the code below:

"Fatal error: Call to a member function real_escape_string() on a non-object in /(HOST ADDRESS OMITTED)/processExpertZoneForm.php5 on line 15"

The database opens OK because without the call to the real_escape_string function everything appears to be fine. I'm sure that there's something elementary that I'm missing here!


<?php
// Open database connection
@ $db = new mysqli('a', 'b', 'c', 'd');    CONNECTION DETAILS OMITTED
 
/*********************** 
 
 DATA CLEANING FUNCTIONS
 
 ***********************/
function clean_data($string) 
{
  if (get_magic_quotes_gpc()) $string = stripslashes($string);
  $string = htmlentities($string);	// if text contains markup, neutralize it be conversion to html entities prior to insertion
  return $db->real_escape_string($string);
}
function remove_headers($string) { 
  $headers = array("/to\:/i","/from\:/i","/bcc\:/i","/cc\:/i","/Content\-Transfer\-Encoding\:/i","/Content\-Type\:/i","/Mime\-Version\:/i"); 
  return preg_replace($headers, '', $string);
} 
 
/**********************************************
 
 CLEAN AND INSERT POST VALUES INTO THE DATABASE
 
 **********************************************/
// Clean up the form data prior to insertion in the database
$topic = $_POST['topic'];	// numeric primary key value
$nameA = clean_data($_POST['name']);
$qEmailA = clean_data($_POST['email']);	// questioner's email address goes into database
$questionA = clean_data($_POST['question']);
 
// Insert values into database
$query = "INSERT INTO expertZone_QandA VALUES ('','".$topic."','".$questionA."','','".$nameA."','".$qEmailA."')";
$result = $db->query($query); 
if ($result)
{ 
	echo '<p>ITEM ADDED</p>';
	echo '<p>$name = '.$nameA.'</p>';
	echo '<p>$qEmail = '.$qEmailA.'</p>';
	echo '<p>$question = '.$questionA.'</p>';
	echo '<p>$topic_pk = '.$topic.'</p>';
}
 
// Close database connection
$db->close();

Open in new window

0
kcalder
Asked:
kcalder
  • 2
1 Solution
 
Xavior2K3Commented:
This is happening because the global variable $db isn't accessible from within the function, so try adding "global $db;" before you call the real_escape_string function. Hope this helps!
function clean_data($string) {
   if (get_magic_quotes_gpc()) $string = stripslashes($string);
   $string = htmlentities($string); // if text contains markup, neutralize it be conversion to html entities prior to insertion
   global $db; // Allow function access to global $db variable
   return $db->real_escape_string($string);
}

Open in new window

0
 
kcalderAuthor Commented:
Your solution works fine, thank you. However, I don't quite understand why the global variable is not within scope when used in the function since it is a global.
0
 
Xavior2K3Commented:
Yes it does seem a bit strange compared to other languages, but it's the way things go with PHP! Perhaps to try and reduce the use of global variables which has always been seen as a bad way of doing things. Not that I entirely agree with that though!

In the PHP documentation it states:

"...within user-defined functions a local function scope is introduced. Any variable used inside a function is by default limited to the local function scope."

Therefore it only looks within the functions scope for the variable $db when it is referenced. You can either declare the variable using the 'global' keyword within the function body, or use the $_GLOBALS variable to access the variable from within a function or within a class method.

Glad you've got it working!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now