0

I am converting PHP code from mysql_ to mysqli_. My DB connection is in a separate file, named "conn.inc" in a parent folder of my regular code. The code in it is ::

function GetDBConn($host="localhost", $user="mydb", $pass="mypass", $db="mydb")   {

    return $dbconn = @mysqli_connect($host, $user, $pass, $db);
    mysqli_close($dbconn);

} 

In my code files, I have include_once ("../conn.inc"); .

I have code like -

$AuditInsertQ = mysqli_query(GetDBConn(),"INSERT INTO audit (userid, notes) VALUES (\"".$userid."\",  \"".$notes."\")") or die("Error inserting row to Audit: ".mysqli_error($dbconn));

When I run the code, I get a message that ::

PHP Notice:  Undefined variable: dbconn in C:\...

All of the examples I have seen have the DB connection in the same file as the code it was referencing. How do I reference the DB connection when it is in a different file; I thought the "include_once" was the way...?

Dharman
Pete Ruby

2 Answers

2

There is so much wrong in this code I don't even know where to start.

  • no need for mysqli_error() at all
  • no need for a function like GetDBConn()
  • mysqli_close() right after connect makes no sense. Thanks to the return operator, it never gets called though
  • die() is harmful
  • @ operator is harmful
  • the file extension for conn.inc is harmful
  • the way you are adding variables to your query is most harmful of them all

I know it's hard to find a good tutorial. The Internet is full of crappy outdated information. I am writing good tutorials, but Google doesn't know they are good and doesn't show them to you. Well, at least I can give it to you here in my answer.

Three things you must understand about modern mysqli

  • mysqli can report its errors automatically, no need for mysqli_error()
  • a connection must be made only once, it means there is no use for a function like this
  • no variable should be added to the query directly. You have to use prepared statements with placeholders for the purpose.

In order to fix your code,

  • please read this post. It doesn't explain why you should use prepared statements but take my word for it
  • then read my tutorial on how to connect with mysqli properly
  • rename your file to conn.php or anyone will be able to see your database credentials

Then rewrite your code to

include_once ("../conn.php");
$stmt = $mysqli->prepare("INSERT INTO audit (userid, notes) VALUES (?,?)");
$stmt->bind_param("ss", $userid,$notes);
$stmt->execute();

For the explanation on what is going on in this code please see my tutorial on how to run an INSERT query with mysqli

Your Common Sense
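
An added example, not part of the answer above or of the tutorials it links to: one way conn.php and the calling script could look with automatic error reporting, a single connection and a prepared INSERT. The credentials are the question's placeholders; the insert_audit() helper, the audit.php file name, the utf8mb4 charset and the sample values are assumptions made for illustration. It needs a reachable MySQL server with an audit table.

```php
<?php
declare(strict_types=1);

// ---- conn.php (a .php file, so the web server executes it and never serves it as text) ----
// Make mysqli throw mysqli_sql_exception on every failure, so no mysqli_error() calls
// are needed. This is already the default from PHP 8.1 on; setting it is harmless.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    // Placeholder credentials from the question; connect exactly once per request.
    $mysqli = new mysqli('localhost', 'mydb', 'mypass', 'mydb');
    $mysqli->set_charset('utf8mb4'); // assumed charset
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; the visitor gets no connection details.
    error_log('DB connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit("Service temporarily unavailable.\n");
}

// ---- audit.php (hypothetical caller) ----
// In a real layout this file would start with: require_once __DIR__ . '/../conn.php';

/**
 * Hypothetical helper: inserts one audit row using placeholders, so the values
 * travel separately from the SQL text and cannot change the statement.
 */
function insert_audit(mysqli $mysqli, string $userid, string $notes): int
{
    $stmt = $mysqli->prepare('INSERT INTO audit (userid, notes) VALUES (?, ?)');
    $stmt->bind_param('ss', $userid, $notes);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

try {
    // Constructed sample input: the quotes here would break (or alter) the
    // concatenated query from the question, but are stored verbatim here.
    $rows = insert_audit($mysqli, '42', 'said "hello"; it\'s fine');
    echo "Inserted {$rows} audit row(s)\n";
} catch (mysqli_sql_exception $e) {
    error_log('Audit insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo "Could not write the audit record.\n";
}
```
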
0

In your function GetDBConn, it returns a mysql resource; it does not define a $dbconn variable for you.

Use something like mysqli_query($dbconn = GetDBConn(),"INSERT INTO audit ....


Note

function GetDBConn($host="localhost", $user="mydb", $pass="mypass", $db="mydb")   {

    return $dbconn = @mysqli_connect($host, $user, $pass, $db);
    mysqli_close($dbconn);

} 

$dbconn is only available in the function; it cannot be accessed outside the function, so defining it here is useless.
mysqli_close($dbconn); will never be reached.

LF00