Solved

Use of real_escape_string with mysqli object

Posted on 2008-10-13
3
1,530 Views
Last Modified: 2013-12-12
I keep getting the following error message when I call the mysqli function real_scape_string as shown in the code below:

"Fatal error: Call to a member function real_escape_string() on a non-object in /(HOST ADDRESS OMITTED)/processExpertZoneForm.php5 on line 15"

The database opens OK because without the call to the real_escape_string function everything appears to be fine. I'm sure that there's something elementary that I'm missing here!


<?php
// Open database connection
@ $db = new mysqli('a', 'b', 'c', 'd');    CONNECTION DETAILS OMITTED
 
/*********************** 
 
 DATA CLEANING FUNCTIONS
 
 ***********************/
function clean_data($string) 
{
  if (get_magic_quotes_gpc()) $string = stripslashes($string);
  $string = htmlentities($string);	// if text contains markup, neutralize it be conversion to html entities prior to insertion
  return $db->real_escape_string($string);
}
function remove_headers($string) { 
  $headers = array("/to\:/i","/from\:/i","/bcc\:/i","/cc\:/i","/Content\-Transfer\-Encoding\:/i","/Content\-Type\:/i","/Mime\-Version\:/i"); 
  return preg_replace($headers, '', $string);
} 
 
/**********************************************
 
 CLEAN AND INSERT POST VALUES INTO THE DATABASE
 
 **********************************************/
// Clean up the form data prior to insertion in the database
$topic = $_POST['topic'];	// numeric primary key value
$nameA = clean_data($_POST['name']);
$qEmailA = clean_data($_POST['email']);	// questioner's email address goes into database
$questionA = clean_data($_POST['question']);
 
// Insert values into database
$query = "INSERT INTO expertZone_QandA VALUES ('','".$topic."','".$questionA."','','".$nameA."','".$qEmailA."')";
$result = $db->query($query); 
if ($result)
{ 
	echo '<p>ITEM ADDED</p>';
	echo '<p>$name = '.$nameA.'</p>';
	echo '<p>$qEmail = '.$qEmailA.'</p>';
	echo '<p>$question = '.$questionA.'</p>';
	echo '<p>$topic_pk = '.$topic.'</p>';
}
 
// Close database connection
$db->close();

Open in new window

0
Comment
Question by:kcalder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
Xavior2K3 earned 125 total points
ID: 22702100
This is happening because the global variable $db isn't accessible from within the function, so try adding "global $db;" before you call the real_escape_string function. Hope this helps!
function clean_data($string) {
   if (get_magic_quotes_gpc()) $string = stripslashes($string);
   $string = htmlentities($string); // if text contains markup, neutralize it be conversion to html entities prior to insertion
   global $db; // Allow function access to global $db variable
   return $db->real_escape_string($string);
}

Open in new window

0
 

Author Closing Comment

by:kcalder
ID: 31406294
Your solution works fine, thank you. However, I don't quite understand why the global variable is not within scope when used in the function since it is a global.
0
 
LVL 1

Expert Comment

by:Xavior2K3
ID: 22702540
Yes it does seem a bit strange compared to other languages, but it's the way things go with PHP! Perhaps to try and reduce the use of global variables which has always been seen as a bad way of doing things. Not that I entirely agree with that though!

In the PHP documentation it states:

"...within user-defined functions a local function scope is introduced. Any variable used inside a function is by default limited to the local function scope."

Therefore it only looks within the functions scope for the variable $db when it is referenced. You can either declare the variable using the 'global' keyword within the function body, or use the $_GLOBALS variable to access the variable from within a function or within a class method.

Glad you've got it working!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question