Converting a mysql_real_escape_string function to mysqli
I have the following code within a larger PHP script:
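    $FullSQL = $inSQL;
    // Append each field of $ROW as a quoted, escaped value
    foreach ($ROW as $item) {
        $ItemName = (string)$item->getName();
        $fieldValue = $ROW->$ItemName;
        $FullSQL = $FullSQL . "'" . mysql_real_escape_string($fieldValue) . "', ";
    }
    // Replace the trailing ", " with the closing parenthesis
    $inSQL_len = strlen($FullSQL) - 2;
    $FullSQL = substr($FullSQL, 0, $inSQL_len) . ")";
    echo "INSERTED FullSQL=" . $FullSQL . "<br><br>";
    // mysqli_error() needs the connection, unlike the old mysql_error()
    if (!mysqli_query($con, $FullSQL)) {
        die('Error insering tmporder: ' . $FullSQL . " ERROR:" . mysqli_error($con));
    } else {
        echo "INSERTED inSQL=" . $FullSQL . "<br><br>";
    }
    // The two braces below close enclosing blocks of the larger script (not shown)
    }
    }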
I've managed to convert the whole script to mysqli, except the above section. As expected, the mysql_real_escape_string($fieldValue) part is generating a mysql deprecation error.
How do I convert that piece of code to use mysqli? It requires two variables, and there is only one.
Thanks.
Solution 1:[1]
What about:

    mysqli_real_escape_string ($con, $fieldValue);

Where $con is your link identifier returned by mysqli_connect() or mysqli_init().
If we compare the syntax of mysqli_real_escape_string() and mysql_real_escape_string(), we have:

    mysqli_real_escape_string ($link, $string);
    mysql_real_escape_string ($string[, $link=NULL]);

So the old function also had the same arguments but in a different order, and $link was optional in the deprecated version.
If you decide to use object style instead of procedural, use it like this:

    $con = new mysqli ("host", "user", "pwd", "db");
    ...
    $safe_string = $con->real_escape_string ($string);
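
An added example, not part of the original question or answer: the question's loop converted with mysqli_real_escape_string($con, ...), next to a prepared-statement version that binds the values instead of concatenating them into the SQL. It assumes $ROW is a SimpleXMLElement and $inSQL ends with "VALUES ("; the function names, the table and column names, and the connection parameters are constructed for illustration.

```php
<?php
// Added example. Assumptions: $ROW is a SimpleXMLElement, $inSQL ends with
// "VALUES (", and the table/column names in $inSQL are fixed by the script.

/** Collect the text of each child element of $ROW, in document order. */
function row_values(SimpleXMLElement $ROW): array
{
    $values = [];
    foreach ($ROW as $item) {
        $values[] = (string) $item;
    }
    return $values;
}

/** Direct conversion: same string building, but with mysqli_real_escape_string. */
function build_escaped_sql(mysqli $con, string $inSQL, array $values): string
{
    $quoted = [];
    foreach ($values as $v) {
        $quoted[] = "'" . mysqli_real_escape_string($con, $v) . "'";
    }
    return $inSQL . implode(', ', $quoted) . ')';
}

/** Prepared statement: values are bound, never concatenated into the SQL text. */
function insert_prepared(mysqli $con, string $inSQL, array $values): void
{
    if ($values === []) {
        throw new InvalidArgumentException('row has no fields');
    }
    $sql  = $inSQL . implode(', ', array_fill(0, count($values), '?')) . ')';
    $stmt = $con->prepare($sql);
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    $stmt->close();
}

// Constructed sample input; connection parameters are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of die()
$con = new mysqli('host', 'user', 'pwd', 'db');
$con->set_charset('utf8mb4'); // escaping depends on the connection charset
$ROW   = new SimpleXMLElement("<row><name>O'Brien</name><qty>2</qty></row>");
$inSQL = 'INSERT INTO tmporder (name, qty) VALUES (';

insert_prepared($con, $inSQL, row_values($ROW));
```

With exceptions enabled, a failed query can be caught and logged server-side rather than echoing the full SQL and the database error to the page.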
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 |
