Solved

Use of real_escape_string with mysqli object

Posted on 2008-10-13
3
1,522 Views
Last Modified: 2013-12-12
I keep getting the following error message when I call the mysqli function real_scape_string as shown in the code below:

"Fatal error: Call to a member function real_escape_string() on a non-object in /(HOST ADDRESS OMITTED)/processExpertZoneForm.php5 on line 15"

The database opens OK because without the call to the real_escape_string function everything appears to be fine. I'm sure that there's something elementary that I'm missing here!


<?php

// Open database connection

@ $db = new mysqli('a', 'b', 'c', 'd');    CONNECTION DETAILS OMITTED
 

/*********************** 

 

 DATA CLEANING FUNCTIONS

 

 ***********************/

function clean_data($string) 

{

  if (get_magic_quotes_gpc()) $string = stripslashes($string);

  $string = htmlentities($string);	// if text contains markup, neutralize it be conversion to html entities prior to insertion

  return $db->real_escape_string($string);

}

function remove_headers($string) { 

  $headers = array("/to\:/i","/from\:/i","/bcc\:/i","/cc\:/i","/Content\-Transfer\-Encoding\:/i","/Content\-Type\:/i","/Mime\-Version\:/i"); 

  return preg_replace($headers, '', $string);

} 
 

/**********************************************

 

 CLEAN AND INSERT POST VALUES INTO THE DATABASE

 

 **********************************************/

// Clean up the form data prior to insertion in the database

$topic = $_POST['topic'];	// numeric primary key value

$nameA = clean_data($_POST['name']);

$qEmailA = clean_data($_POST['email']);	// questioner's email address goes into database

$questionA = clean_data($_POST['question']);
 

// Insert values into database

$query = "INSERT INTO expertZone_QandA VALUES ('','".$topic."','".$questionA."','','".$nameA."','".$qEmailA."')";

$result = $db->query($query); 

if ($result)

{ 

	echo '<p>ITEM ADDED</p>';

	echo '<p>$name = '.$nameA.'</p>';

	echo '<p>$qEmail = '.$qEmailA.'</p>';

	echo '<p>$question = '.$questionA.'</p>';

	echo '<p>$topic_pk = '.$topic.'</p>';

}
 

// Close database connection

$db->close();

Open in new window

0
Comment
Question by:kcalder
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
Xavior2K3 earned 125 total points
Comment Utility
This is happening because the global variable $db isn't accessible from within the function, so try adding "global $db;" before you call the real_escape_string function. Hope this helps!
function clean_data($string) {

   if (get_magic_quotes_gpc()) $string = stripslashes($string);

   $string = htmlentities($string); // if text contains markup, neutralize it be conversion to html entities prior to insertion

   global $db; // Allow function access to global $db variable

   return $db->real_escape_string($string);

}

Open in new window

0
 

Author Closing Comment

by:kcalder
Comment Utility
Your solution works fine, thank you. However, I don't quite understand why the global variable is not within scope when used in the function since it is a global.
0
 
LVL 1

Expert Comment

by:Xavior2K3
Comment Utility
Yes it does seem a bit strange compared to other languages, but it's the way things go with PHP! Perhaps to try and reduce the use of global variables which has always been seen as a bad way of doing things. Not that I entirely agree with that though!

In the PHP documentation it states:

"...within user-defined functions a local function scope is introduced. Any variable used inside a function is by default limited to the local function scope."

Therefore it only looks within the functions scope for the variable $db when it is referenced. You can either declare the variable using the 'global' keyword within the function body, or use the $_GLOBALS variable to access the variable from within a function or within a class method.

Glad you've got it working!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

This article describes how to use the timestamp of existing data in a database to allow Tableau to calculate the prior work day instead of relying on case statements or if statements to calculate the days of the week.
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now