Solved

Use of real_escape_string with mysqli object

Posted on 2008-10-13
3
1,531 Views
Last Modified: 2013-12-12
I keep getting the following error message when I call the mysqli function real_scape_string as shown in the code below:

"Fatal error: Call to a member function real_escape_string() on a non-object in /(HOST ADDRESS OMITTED)/processExpertZoneForm.php5 on line 15"

The database opens OK because without the call to the real_escape_string function everything appears to be fine. I'm sure that there's something elementary that I'm missing here!


<?php
// Open database connection
@ $db = new mysqli('a', 'b', 'c', 'd');    CONNECTION DETAILS OMITTED
 
/*********************** 
 
 DATA CLEANING FUNCTIONS
 
 ***********************/
function clean_data($string) 
{
  if (get_magic_quotes_gpc()) $string = stripslashes($string);
  $string = htmlentities($string);	// if text contains markup, neutralize it be conversion to html entities prior to insertion
  return $db->real_escape_string($string);
}
function remove_headers($string) { 
  $headers = array("/to\:/i","/from\:/i","/bcc\:/i","/cc\:/i","/Content\-Transfer\-Encoding\:/i","/Content\-Type\:/i","/Mime\-Version\:/i"); 
  return preg_replace($headers, '', $string);
} 
 
/**********************************************
 
 CLEAN AND INSERT POST VALUES INTO THE DATABASE
 
 **********************************************/
// Clean up the form data prior to insertion in the database
$topic = $_POST['topic'];	// numeric primary key value
$nameA = clean_data($_POST['name']);
$qEmailA = clean_data($_POST['email']);	// questioner's email address goes into database
$questionA = clean_data($_POST['question']);
 
// Insert values into database
$query = "INSERT INTO expertZone_QandA VALUES ('','".$topic."','".$questionA."','','".$nameA."','".$qEmailA."')";
$result = $db->query($query); 
if ($result)
{ 
	echo '<p>ITEM ADDED</p>';
	echo '<p>$name = '.$nameA.'</p>';
	echo '<p>$qEmail = '.$qEmailA.'</p>';
	echo '<p>$question = '.$questionA.'</p>';
	echo '<p>$topic_pk = '.$topic.'</p>';
}
 
// Close database connection
$db->close();

Open in new window

0
Comment
Question by:kcalder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
Xavior2K3 earned 125 total points
ID: 22702100
This is happening because the global variable $db isn't accessible from within the function, so try adding "global $db;" before you call the real_escape_string function. Hope this helps!
function clean_data($string) {
   if (get_magic_quotes_gpc()) $string = stripslashes($string);
   $string = htmlentities($string); // if text contains markup, neutralize it be conversion to html entities prior to insertion
   global $db; // Allow function access to global $db variable
   return $db->real_escape_string($string);
}

Open in new window

0
 

Author Closing Comment

by:kcalder
ID: 31406294
Your solution works fine, thank you. However, I don't quite understand why the global variable is not within scope when used in the function since it is a global.
0
 
LVL 1

Expert Comment

by:Xavior2K3
ID: 22702540
Yes it does seem a bit strange compared to other languages, but it's the way things go with PHP! Perhaps to try and reduce the use of global variables which has always been seen as a bad way of doing things. Not that I entirely agree with that though!

In the PHP documentation it states:

"...within user-defined functions a local function scope is introduced. Any variable used inside a function is by default limited to the local function scope."

Therefore it only looks within the functions scope for the variable $db when it is referenced. You can either declare the variable using the 'global' keyword within the function body, or use the $_GLOBALS variable to access the variable from within a function or within a class method.

Glad you've got it working!
0

Featured Post

Containers and Docker for Everyone

Containers are an incredibly powerful technology that can provide you and/or your engineering team with huge productivity gains. Using containers, you can deploy, back up, replicate, and move apps and their dependencies quickly and easily.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller singl…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question