How to use a class method inside a function (PHP)?
I am trying to use the new PHP extension mysqli. I have a (safe ()) function that uses mysql_real_escape_string recursively to keep strings safe. How do I use my mysqli connection inside this function to call the mysqli :: escape_string () function?
Example:
$db = new mysqli($host,$user,$password,$database_name);
function safe ($data) {
if(!is_array($data)) {
if(!get_magic_quotes_gpc()) {
$data = **mysqli::escape_string($data)**
return $data;
}
} else {
return array_map('safe',$data);
}
}
Where do I have mysqli :: escape_string () inside safe (), how can I call this? Outside the function, it would be $ db-> escape_string (), but I can't find a way to call it insde. I tried to pass $ db to the function by making $ db global etc. An alternative is to use the procedural mysqli_escape_string (), but this requires the mysqli link resource to be explicitly passed to it, but I can't find a way to access this.
I would extend the mysqli class:
class mysqliA extends mysqli{
function escape_string($data){
if(!is_array($data)) {
if(!get_magic_quotes_gpc()) {
$data = $this->escape_string($data);
return $data;
}
} else {
return $this->escape_string($data);
}
}
}
this way you just need to call
$db = new mysqliA();
$db->escape_string($data);
source to share
I don't want to encourage you to use globals, but if you want to access $db
from a safe function, you will need to put it global $db;
at the beginning of the function.
Result:
$db = new mysqli($host,$user,$password,$database_name);
function safe ($data) {
global $db;
if(!is_array($data)) {
if(!get_magic_quotes_gpc()) {
$data = $db->escape_string($data);
return $data;
}
} else {
return array_map('safe',$data);
}
}
Please note that globals are considered evil and should not be used.
What should you use? Well, for your use case, a registry pattern (remember this later) is probably the best fit. But to get you started with object-oriented programming, you should try the following:
class myClass {
protected $db;
public function __construct() {
$this->db = new mysqli($host,$user,$password,$database_name);
}
function safe ($data) {
if(!is_array($data)) {
if(!get_magic_quotes_gpc()) {
$data = $this->db->escape_string($data);
return $data;
}
} else {
return array_map('safe',$data);
}
}
}
I highly recommend that you learn more about Object Oriented Programming as it will help you write better and reusable code.
Hope I can help.
source to share
if i extend the class i got:
Notice: Undefined variable: db in *file path* on line 22
Fatal error: Call to a member function escape_string() on a non-object in *file path* on line 22
line 22 where the function
If I pass the mysqli object, I get:
Warning: Missing argument 2 for safe() in *file path* on line 17
Notice: Undefined variable: db in *file path* on line 22
Fatal error: Call to a member function escape_string() on a non-object in *file path* on line 22
My function call:
$item[$form] = safe($item[$form],$db);
so the second var is clearly missing
And I can't seem to build a class around the function and initialize a new mysqli connection (which at least looks like a height of inefficiency anyway) because I have to make a safe () static function to make it a valid callback for array_map () and the syntax doesn't work for this line:
$data = $this->db->escape_string($data);
Have tried
$data = $this->db->escape_string($data);
$data = self::db::escape_string($data);
$data = self::db->escape_string($data);
Create public function in db class file
function escape($string)
{
return $this->connection->real_escape_string($string);
}
and you can use it like this
function safe()
{
$id=$this->mysqli->escape($this->id);
$status=$this->mysqli->escape($this->status);
$shortcode=$this->mysqli->escape($this->shortcode);
}
using the function depends on how you are going to use it
source to share