Use of real_escape_string with mysqli object

Posted on 2008-10-13
Last Modified: 2013-12-12
I keep getting the following error message when I call the mysqli function real_escape_string as shown in the code below:

"Fatal error: Call to a member function real_escape_string() on a non-object in /(HOST ADDRESS OMITTED)/processExpertZoneForm.php5 on line 15"

The database opens OK because without the call to the real_escape_string function everything appears to be fine. I'm sure that there's something elementary that I'm missing here!

// Open database connection
@ $db = new mysqli('a', 'b', 'c', 'd');    // CONNECTION DETAILS OMITTED

function clean_data($string) {
  if (get_magic_quotes_gpc()) $string = stripslashes($string);
  $string = htmlentities($string);	// if text contains markup, neutralize it by conversion to html entities prior to insertion
  return $db->real_escape_string($string);	// $db is not defined in this function's scope: this is the call that raises the fatal error
}

function remove_headers($string) {
  $headers = array("/to\:/i","/from\:/i","/bcc\:/i","/cc\:/i","/Content\-Transfer\-Encoding\:/i","/Content\-Type\:/i","/Mime\-Version\:/i");
  return preg_replace($headers, '', $string);
}

// Clean up the form data prior to insertion in the database
$topic = (int) $_POST['topic'];	// numeric primary key value; cast so only an integer reaches the query and the page
$nameA = clean_data($_POST['name']);
$qEmailA = clean_data($_POST['email']);	// questioner's email address goes into database
$questionA = clean_data($_POST['question']);

// Insert values into database
$query = "INSERT INTO expertZone_QandA VALUES ('','".$topic."','".$questionA."','','".$nameA."','".$qEmailA."')";
$result = $db->query($query);
if ($result) {
	echo '<p>ITEM ADDED</p>';
	echo '<p>$name = '.$nameA.'</p>';
	echo '<p>$qEmail = '.$qEmailA.'</p>';
	echo '<p>$question = '.$questionA.'</p>';
	echo '<p>$topic_pk = '.$topic.'</p>';
}

// Close database connection
$db->close();


Question by:kcalder

Accepted Solution

Xavior2K3 earned 125 total points
ID: 22702100
This is happening because the global variable $db isn't accessible from within the function, so try adding "global $db;" before you call the real_escape_string function. Hope this helps!
function clean_data($string) {
   if (get_magic_quotes_gpc()) $string = stripslashes($string);
   $string = htmlentities($string); // if text contains markup, neutralize it by conversion to html entities prior to insertion
   global $db; // Allow function access to global $db variable
   return $db->real_escape_string($string);
}



Author Closing Comment

ID: 31406294
Your solution works fine, thank you. However, I don't quite understand why the global variable is not within scope when used in the function since it is a global.

Expert Comment

ID: 22702540
Yes it does seem a bit strange compared to other languages, but it's the way things go with PHP! Perhaps to try and reduce the use of global variables which has always been seen as a bad way of doing things. Not that I entirely agree with that though!

In the PHP documentation it states:

"...within user-defined functions a local function scope is introduced. Any variable used inside a function is by default limited to the local function scope."

Therefore it only looks within the function's scope for the variable $db when it is referenced. You can either declare the variable using the 'global' keyword within the function body, or use the $_GLOBALS variable to access the variable from within a function or within a class method.

Glad you've got it working!
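
An alternative to the `global` keyword discussed in this thread, as an added example that is not part of the original posts: pass the mysqli connection into the function as a parameter and bind the form values with a prepared statement, so no manual escaping is needed. The helper name `insert_question`, the placeholder connection details and the use of PHP 7+ type declarations are assumptions; the table name and positional VALUES layout follow the INSERT in the question.

```php
<?php
// Added example, not code from the thread. Connection details are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Hypothetical helper: the connection arrives as an argument, so the function
 * does not depend on any variable from the global scope.
 */
function insert_question(mysqli $db, int $topic, string $name, string $email, string $question): bool
{
    // The positional VALUES list mirrors the INSERT in the question. The ?
    // placeholders are bound separately from the SQL text, so quotes in the
    // input cannot change the structure of the statement.
    $stmt = $db->prepare("INSERT INTO expertZone_QandA VALUES ('', ?, ?, '', ?, ?)");
    $stmt->bind_param('isss', $topic, $question, $name, $email);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

$db = new mysqli('a', 'b', 'c', 'd');

// Validate the numeric key before it is used anywhere.
$topic = filter_input(INPUT_POST, 'topic', FILTER_VALIDATE_INT);
if ($topic === false || $topic === null) {
    http_response_code(400);
    exit('Invalid topic');
}

// Text fields are stored as submitted; a missing or non-string field becomes ''.
$name     = (string) filter_input(INPUT_POST, 'name');
$email    = (string) filter_input(INPUT_POST, 'email');
$question = (string) filter_input(INPUT_POST, 'question');

if (insert_question($db, $topic, $name, $email, $question)) {
    echo '<p>ITEM ADDED</p>';
    // Encode for HTML at output time instead of before storage.
    echo '<p>$name = ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</p>';
    echo '<p>$topic_pk = ' . $topic . '</p>';
}

$db->close();
```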
