Completely lost with mysqli_real_escape_string

Question

I have viewed so many people having this same problem but none of the solutions are relevant / they didn't work.

Firstly, here's my simple code to make things easy:

<?php
$mysqli = new mysqli("localhost", "root", "", "pembsweb");
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}
function mysqli_secure($string) {
        $string = htmlspecialchars($string);
        $string = trim($string);
        if (get_magic_quotes_gpc()) {
            $string = stripslashes($string);
        }
        $string = $mysqli->real_escape_string($string);
    return $string;
}
echo mysqli_secure("lets\\test//this");
?>

This causes the error:

Fatal error: Call to a member function real_escape_string() on a non-object on line 13

I'm feeling really stupid and irritated right now.. Can anyone help me?

EDIT: I have tried removing all other lines from the function, so all it's doing is the mysqli real escape, and still nothing.. I have also tried defining $string via $string = new stdClass(); on the first line of the function, and still nothing..

It's a scope issue; your `$mysqli` object isn't in scope in your function. — andrewsi, Jul 05 '13 at 15:08
How is it not within scope? :/ It's left open, surely i don't need to redefine a mysqli connection in every function that uses it's resources? — Chuckun, Jul 05 '13 at 15:09
No, but you need to pass it into the functions. The better way to deal with that would be to use a class, in which the connection is available to each function as an object property. — deceze, Jul 05 '13 at 15:10
@Chuckun - you're getting confused there between the mysqli _connection_ (which as you say is open and available inside the function) and the `$mysqli` _object_ you've declared that uses the connection. — andrewsi, Jul 05 '13 at 15:14
@andrewsi You're completely right.. I'm an experienced procedural programmer but an absolute novice to object orientated programming.. I've literally been doing it for two days.. Thanks for your help! — Chuckun, Jul 05 '13 at 15:30
Even as an experienced procedural programmer you should have come across variable scope before...!?! O_o ;-P — deceze, Jul 05 '13 at 15:37

score 2 · Accepted Answer · answered Jul 05 '13 at 15:11

2

$mysqli is defined in other scope, than that you are trying to use it in. Pass it as an argument.

<?php
$mysqli = new mysqli("localhost", "root", "", "pembsweb");
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}
function mysqli_secure($mysqli, $string) {
        $string = htmlspecialchars($string);
        $string = trim($string);
        if (get_magic_quotes_gpc()) {
            $string = stripslashes($string);
        }
        $string = $mysqli->real_escape_string($string);
    return $string;
}
echo mysqli_secure($mysqli, "lets\\test//this");
?>

answered Jul 05 '13 at 15:11

ElmoVanKielmo

10,907
2
32
46

Great, thanks a lot.. I'm not sure this will be practical because I use mysqli_secure a LOT throughout my work (previously mysql_secure, from pre-oop) and would require a lot of editing, so maybe I will have to figure out how to have the database usable from within any functions.. – Chuckun Jul 05 '13 at 15:28
@Chuckun, unfortunately I don't have time now, but I promise to update my answer, to show you one of the strategies to have your mysql functions isolated, yet widely available with initialized connection too. – ElmoVanKielmo Jul 05 '13 at 15:39
add `global $mysqli` inside your function then if you don't want to update your call to the function everywhere in your project – Dave Jul 05 '13 at 15:43

Completely lost with mysqli_real_escape_string

1 Answers1