0

I am trying to convert an old site to use mysqli rather than mysql.

Hit a bit of a stumberling block with this section of code

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysqli_real_escape_string") ? mysqli_real_escape_string($theValue) : mysqli_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;   
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

I keep getting the errors

Warning:  mysqli_real_escape_string() expects exactly 2 parameters, 1 given in 

Warning:  mysqli_real_escape_string() expects exactly 2 parameters, 1 given in

If I add a connection like this

$theValue = function_exists("mysqli_real_escape_string") ? mysqli_real_escape_string($test,$theValue) : mysqli_escape_string($test,$theValue);

get the error

Warning:  mysqli_real_escape_string() expects parameter 1 to be mysqli, null given



Warning:  mysqli_real_escape_string() expects parameter 1 to be mysqli, null given

Could someone please tell me what I am doing wrong

Many thanks

Darline
  • 195
  • 3
  • 13
  • 3
    The error message tells you *exactly* what is wrong. If you RTM you can see that function takes two parameters. You're only providing one. You're missing your connection. – John Conde Nov 21 '13 at 20:23
  • You have to pass mysqli handle into functions http://php.net/manual/en/mysqli.real-escape-string.php – Nicolai Nov 21 '13 at 20:24
  • You don't need to test for `function_exists("mysqli_real_escape_string")`. If mysqli exists, so does `mysqli_real_escape_string`. Just call it. – deceze Nov 21 '13 at 20:27
  • 2
    Please, FFS, learn to use prepared statements. – tereško Nov 21 '13 at 22:32

2 Answers2

6

Get. Rid. Of. This. Whole. Function.

It should not be used with mysqli ever. Because mysqli has it's own mechanisms that have to be used instead.

However, these mechanisms are quite inconvenient, so, better move towards PDO prepared statements.

Community
  • 1
  • 1
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
0

mysqli_real_escape_string needs to be passed the database connection also. So you'll need to provide that to the function, then do:

mysqli_escape_string($connection, $theValue);

http://php.net/manual/en/mysqli.real-escape-string.php

In addition, it tells your that your $test variable is null - again, it's expecting the live database connection you created with myqli_connect(). You will likely need to pass that into the function as a parameter.

Nathan Loding
  • 3,185
  • 2
  • 37
  • 43
  • 3
    You should not use or link to [w3schools](http://www.w3fools.com). It's not a reliable source of information and we don't want to encourage its use. Not to mention php.net is the definitive source on PHP functions. – John Conde Nov 21 '13 at 20:24
  • Please read the entire question. – deceze Nov 21 '13 at 20:25