1

I have tried every solution posted on other questions about this topic, but none of them work.

I'm sorry if this is a basic question, but I'm new with MySQLi and I can't figure out why this connection won't work.

I have a function in my functions.php file that has:

function cleanInput($string) {
    $stripsql = $connect->real_escape_string($string);
    $addslashes = addslashes($stripsql);
    return $addslashes;
}

The second line is throwing that error in the title.

I do connect to the database, and $connect is a working variable. It's set in config.php using:

$connect = new mysqli('localhost', 'shop', 'password', 'zen');

I've even tried moving that line right before the function to no avail.

A var_dump on $connect in the functions.php file does not return NULL, it returns data about the database starting with object(mysqli)#1 (19) { ["affected_rows"]=> int(0), and then continuing with lots of rows.

Kevin
  • 40,904
  • 12
  • 48
  • 67
invidious
  • 231
  • 1
  • 4
  • 11

1 Answers1

7

Currently, $connect is out of scope, just add it in the parameter:

$connect = new mysqli('localhost', 'shop', 'password', 'zen');
function cleanInput($connect, $string = '') {
    if(!empty($string)) {
        $stripsql = $connect->real_escape_string($string);
        return $stripsql;
    }
}
$my_string = 'your string here';
$escaped_string = cleanInput($connect, $my_string);

Sidenote: Or if you can, you can also use prepared statements.

Kevin
  • 40,904
  • 12
  • 48
  • 67
  • What is the difference between your code and adding `global $connect;` in the function? – invidious Mar 13 '15 at 03:11
  • 1
    Avoid using `global`, you should pass the variable via function constructors or object properties (if you are using OO). Further reading: http://stackoverflow.com/questions/5341131/php-performance-and-memory-issue-with-global-variables and http://stackoverflow.com/questions/2216340/the-advantage-disadvantage-between-global-variables-and-function-parameters-in – Raptor Mar 13 '15 at 03:12
  • 1
    ...and http://stackoverflow.com/q/1557787/ `&&` http://tomnomnom.com/posts/why-global-state-is-the-devil-and-how-to-avoid-using-it @invidious – Funk Forty Niner Mar 13 '15 at 03:13
  • 1
    @invidious here's a very good and eloquent answer by deceze, this should give you a very good insight http://stackoverflow.com/questions/12445972/stop-using-global-in-php/12446305 – Kevin Mar 13 '15 at 03:15
  • I'm now getting `Warning: Missing argument 2 for cleanInput(), called in`. – invidious Mar 13 '15 at 03:32
  • @invidious very simple to use, first argument you feed the connection itself, second, you use that variable which contains the string you need to be escaped – Kevin Mar 13 '15 at 03:34
  • I'm doing that, using the code as you gave it, but am receiving that error now. – invidious Mar 13 '15 at 03:35
  • @invidious just check the second argument if its not empty of if its defined – Kevin Mar 13 '15 at 03:41
  • Thank you so much... It was unrelated. – invidious Mar 13 '15 at 03:45