Use of real_escape_string with mysqli object
I keep getting the following error message when I call the mysqli function real_scape_string as shown in the code below:
"Fatal error: Call to a member function real_escape_string() on a non-object in /(HOST ADDRESS OMITTED)/processExpertZone
The database opens OK because without the call to the real_escape_string function everything appears to be fine. I'm sure that there's something elementary that I'm missing here!
"Fatal error: Call to a member function real_escape_string() on a non-object in /(HOST ADDRESS OMITTED)/processExpertZone
The database opens OK because without the call to the real_escape_string function everything appears to be fine. I'm sure that there's something elementary that I'm missing here!
<?php
// Open database connection
@ $db = new mysqli('a', 'b', 'c', 'd'); CONNECTION DETAILS OMITTED
/***********************
DATA CLEANING FUNCTIONS
***********************/
function clean_data($string)
{
if (get_magic_quotes_gpc()) $string = stripslashes($string);
$string = htmlentities($string); // if text contains markup, neutralize it be conversion to html entities prior to insertion
return $db->real_escape_string($string);
}
function remove_headers($string) {
$headers = array("/to\:/i","/from\:/i","/bcc\:/i","/cc\:/i","/Content\-Transfer\-Encoding\:/i","/Content\-Type\:/i","/Mime\-Version\:/i");
return preg_replace($headers, '', $string);
}
/**********************************************
CLEAN AND INSERT POST VALUES INTO THE DATABASE
**********************************************/
// Clean up the form data prior to insertion in the database
$topic = $_POST['topic']; // numeric primary key value
$nameA = clean_data($_POST['name']);
$qEmailA = clean_data($_POST['email']); // questioner's email address goes into database
$questionA = clean_data($_POST['question']);
// Insert values into database
$query = "INSERT INTO expertZone_QandA VALUES ('','".$topic."','".$questionA."','','".$nameA."','".$qEmailA."')";
$result = $db->query($query);
if ($result)
{
echo '<p>ITEM ADDED</p>';
echo '<p>$name = '.$nameA.'</p>';
echo '<p>$qEmail = '.$qEmailA.'</p>';
echo '<p>$question = '.$questionA.'</p>';
echo '<p>$topic_pk = '.$topic.'</p>';
}
// Close database connection
$db->close();
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes it does seem a bit strange compared to other languages, but it's the way things go with PHP! Perhaps to try and reduce the use of global variables which has always been seen as a bad way of doing things. Not that I entirely agree with that though!
In the PHP documentation it states:
"...within user-defined functions a local function scope is introduced. Any variable used inside a function is by default limited to the local function scope."
Therefore it only looks within the functions scope for the variable $db when it is referenced. You can either declare the variable using the 'global' keyword within the function body, or use the $_GLOBALS variable to access the variable from within a function or within a class method.
Glad you've got it working!
In the PHP documentation it states:
"...within user-defined functions a local function scope is introduced. Any variable used inside a function is by default limited to the local function scope."
Therefore it only looks within the functions scope for the variable $db when it is referenced. You can either declare the variable using the 'global' keyword within the function body, or use the $_GLOBALS variable to access the variable from within a function or within a class method.
Glad you've got it working!
ASKER