-1

I am using mysqli_real_escape_string() function to escape sql injections and as we know it operates with to parameters: one is the $link (mysqli_connect(...)) and the other is the $_POST[''];.

Now, I want the $link parameter to be in an external php file dbconnect.php (for quick changes) and then when I will include it in the main.php to assign a $connection variable.

Everywhere in the stackoverflow I found the answer should be like:

ob_start();
include('dbconnect.php');
$connection = ob_get_contents();
ob_end_clean();

When I do this:

ob_start();
include('dbconnect.php');
$connection = ob_get_contents();
ob_end_clean();

$auser=mysqli_real_escape_string($connection, $_POST['name_p']); ---line 1
$apassword=mysqli_real_escape_string($connection, $_POST['password_p']); --- line 2

I have a warning:

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:... main.php on line ---1

Thank you

user3625176
  • 71
  • 1
  • 10
  • If `$link` already exist in the included file, why don't you just use `$link` instead of `$linkkk` ? – frz3993 Dec 27 '15 at 21:59

1 Answers1

0

ob_start = Turn on output buffering, ob_get_contents = Return the contents of the output buffer and this is not what you need for mysqli_real_escape_string() as a first parameter ... $link needs to be -> A link identifier returned by mysqli_connect() or mysqli_init()

C Florin
  • 99
  • 5