Use of real_escape_string with mysqli object

Posted on 2008-10-13
Last Modified: 2013-12-12
I keep getting the following error message when I call the mysqli function real_escape_string as shown in the code below:

"Fatal error: Call to a member function real_escape_string() on a non-object in /(HOST ADDRESS OMITTED)/processExpertZoneForm.php5 on line 15"

The database opens OK because without the call to the real_escape_string function everything appears to be fine. I'm sure that there's something elementary that I'm missing here!


// Open database connection
@ $db = new mysqli('a', 'b', 'c', 'd');    // CONNECTION DETAILS OMITTED

function clean_data($string)
{
  if (get_magic_quotes_gpc()) $string = stripslashes($string);

  $string = htmlentities($string);	// if text contains markup, neutralize it by conversion to html entities prior to insertion

  return $db->real_escape_string($string);
}

function remove_headers($string) {
  $headers = array("/to\:/i","/from\:/i","/bcc\:/i","/cc\:/i","/Content\-Transfer\-Encoding\:/i","/Content\-Type\:/i","/Mime\-Version\:/i");

  return preg_replace($headers, '', $string);
}

// Clean up the form data prior to insertion in the database
$topic = $_POST['topic'];	// numeric primary key value
$nameA = clean_data($_POST['name']);
$qEmailA = clean_data($_POST['email']);	// questioner's email address goes into database
$questionA = clean_data($_POST['question']);

// Insert values into database
$query = "INSERT INTO expertZone_QandA VALUES ('','".$topic."','".$questionA."','','".$nameA."','".$qEmailA."')";

$result = $db->query($query);

if ($result)
{
	echo '<p>ITEM ADDED</p>';
	echo '<p>$name = '.$nameA.'</p>';
	echo '<p>$qEmail = '.$qEmailA.'</p>';
	echo '<p>$question = '.$questionA.'</p>';
	echo '<p>$topic_pk = '.$topic.'</p>';
}

// Close database connection
$db->close();


Question by:kcalder

Accepted Solution

Xavior2K3 earned 125 total points
ID: 22702100
This is happening because the global variable $db isn't accessible from within the function, so try adding "global $db;" before you call the real_escape_string function. Hope this helps!

function clean_data($string) {

   if (get_magic_quotes_gpc()) $string = stripslashes($string);

   $string = htmlentities($string); // if text contains markup, neutralize it by conversion to html entities prior to insertion

   global $db; // Allow function access to global $db variable

   return $db->real_escape_string($string);
}



Author Closing Comment

ID: 31406294
Your solution works fine, thank you. However, I don't quite understand why the global variable is not within scope when used in the function since it is a global.

Expert Comment

ID: 22702540
Yes it does seem a bit strange compared to other languages, but it's the way things go with PHP! Perhaps to try and reduce the use of global variables which has always been seen as a bad way of doing things. Not that I entirely agree with that though!

In the PHP documentation it states:

"...within user-defined functions a local function scope is introduced. Any variable used inside a function is by default limited to the local function scope."

Therefore it only looks within the function's scope for the variable $db when it is referenced. You can either declare the variable using the 'global' keyword within the function body, or use the $_GLOBALS variable to access the variable from within a function or within a class method.

Glad you've got it working!
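
The scope fix discussed in this thread, taken one step further as an added example (not code from the thread): the mysqli connection is passed into the function as an argument instead of being pulled in with `global`, and the INSERT is a prepared statement, so every value, including the numeric topic key, is bound rather than concatenated. `save_question()`, `h()` and the sample `$form` array are hypothetical names, and a reachable MySQL server holding the thread's table is assumed.

```php
<?php
// Added example, not the thread's code. save_question(), h() and $form are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// The connection is a parameter, so the function never depends on global scope.
function save_question(mysqli $db, array $form): bool
{
    // The numeric key is validated as an integer instead of being used as-is.
    $topic    = filter_var($form['topic'] ?? null, FILTER_VALIDATE_INT);
    $email    = filter_var($form['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $name     = trim((string) ($form['name'] ?? ''));
    $question = trim((string) ($form['question'] ?? ''));
    if ($topic === false || $email === false || $name === '' || $question === '') {
        return false; // reject incomplete or malformed submissions
    }

    // Same value order as the thread's INSERT. Values travel as bound
    // parameters, so no quoting or real_escape_string() call is needed.
    $stmt = $db->prepare("INSERT INTO expertZone_QandA VALUES ('', ?, ?, '', ?, ?)");
    $stmt->bind_param('isss', $topic, $question, $name, $email);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// HTML-encode at output time, not before storing.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$form = [
    'topic'    => '3',
    'name'     => "O'Brien <b>",
    'email'    => 'reader@example.com',
    'question' => "Why isn't \$db visible inside my function?",
];

$db = new mysqli('a', 'b', 'c', 'd'); // placeholders, as in the question
if (save_question($db, $form)) {
    echo '<p>ITEM ADDED</p>';
    echo '<p>$name = ' . h($form['name']) . '</p>';
    echo '<p>$question = ' . h($form['question']) . '</p>';
}
$db->close();
```

Storing the raw text and encoding only when it is echoed keeps the database free of HTML entities while still neutralizing markup on the page.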
