13
if (phpversion() >= '4.3.0'){
    $string = mysqli_real_escape_string($string);
}else{
    $string = mysqli_escape_string($string);
}

All the documentation for mysqli_real_escape_string seems to indicate this is a valid bit of code, but I don't understand why I get this error:

mysqli_real_escape_string() expects exactly 2 parameters, 1 given

Dharman
  • 30,962
  • 25
  • 85
  • 135
user880789
  • 171
  • 1
  • 1
  • 9
  • 3
    Are you sure you're reading the documentation for `mysqli_real_escape_string` rather than `mysql_real_escape_string`? Particularly as `mysqli` functions don't exist before PHP 5... – lonesomeday Oct 12 '11 at 16:36
  • possible duplicate of [mysql_fetch_array() expects parameter 1 to be resource, boolean given in select](http://stackoverflow.com/questions/2973202/mysql-fetch-array-expects-parameter-1-to-be-resource-boolean-given-in-select) – GDP Aug 03 '12 at 00:48

5 Answers5

16

Documentation says it needs two parameters:

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

The first one is a link for a mysqli instance, the second one is the string to escape.

Dharman
  • 30,962
  • 25
  • 85
  • 135
meze
  • 14,975
  • 4
  • 47
  • 52
3

Let me just add an extra bit of information: If you are using NetBeans, its documentation actually shows the mysqli_real_escape_string function like this:

mysqli_real_escape_string (PHP 5)
    Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection

Parameters:

    string $escapestr
        'The string to be escaped.'

Returns:

    Type:
    string

Description:
    an escaped string.

This is wrong, though, as shown in the other answers. It requires both the $link and the $string.

Pedro Moreira
  • 961
  • 1
  • 13
  • 28
  • Do you know how can I do it so netbeans autocomplete feature will show `mysqli_real_escape_string($link, $escapestr)` instead of `mysqli_real_escape_string($escapestr)`? – gbestard Aug 11 '14 at 07:59
  • Close Netbeans. Go to: `\php\phpstubs\phpruntime` and edit the file `mysqli.php`, press `CTRL`+`F` and search for `mysqli_real_escape_string`. Add the `$link`parameter before the `$escapestr`and in the commented part above, add `* @param mysqli $link` in the line before `* @param string $escapestr

    `. Open Netbeans and test it.

     – Pedro Moreira Aug 11 '14 at 09:27
  • Note: you might have to open the file in an editor with administrator rights, or copy it to desktop, edit it there and copy/replace it back in the original folder. – Pedro Moreira Aug 11 '14 at 09:36
  • 4 years later, netbeans documentation still buggy. – Jan 'splite' K. Jul 20 '17 at 09:36
3

Following is the proper format to use it : 

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

first parameter is mysql connection link identifier, and second is string For more details, you can visit this link : http://in2.php.net/manual/en/mysqli.real-escape-string.php.

Nishu Tayal
  • 20,106
  • 8
  • 49
  • 101
2
$con = new mysqli("localhost", "root", "your_password", "your_database_name");
$data = json_decode(file_get_contents("php://input"));
$empno = mysqli_real_escape_string($con, $data->empno);//this will do your work
Israel Meshileya
  • 293
  • 4
  • 18
1

mysqli_real_escape_string(DBconnection, __dat__a); mysqli_real_escape_string needs the db connection variable

learningjoe
  • 81
  • 6