How to use a class method inside a function (PHP)?

I am trying to use the new PHP extension mysqli. I have a (safe ()) function that uses mysql_real_escape_string recursively to keep strings safe. How do I use my mysqli connection inside this function to call the mysqli :: escape_string () function?

Example:

$db = new mysqli($host,$user,$password,$database_name);


function safe ($data) {
  if(!is_array($data)) {
     if(!get_magic_quotes_gpc()) {
       $data = **mysqli::escape_string($data)**
       return $data;
    }
  } else {
    return array_map('safe',$data);
  }
}

      

Where do I have mysqli :: escape_string () inside safe (), how can I call this? Outside the function, it would be $ db-> escape_string (), but I can't find a way to call it insde. I tried to pass $ db to the function by making $ db global etc. An alternative is to use the procedural mysqli_escape_string (), but this requires the mysqli link resource to be explicitly passed to it, but I can't find a way to access this.

+2


source to share


5 answers


pass your DB object to the function.



 function safe ($data, $db) {
  if(!is_array($data)) {
     if(!get_magic_quotes_gpc()) {
       $data = $db->escape_string($data);
    }
  } else {
    return array_map('safe',$data);
  }
}

      

+6


source


I would extend the mysqli class:

class mysqliA extends mysqli{
    function escape_string($data){
        if(!is_array($data)) {
            if(!get_magic_quotes_gpc()) {
                $data = $this->escape_string($data);
                return $data;
            }
        } else {
            return $this->escape_string($data);
        }
    }
}

      



this way you just need to call

$db = new mysqliA();
$db->escape_string($data);

      

+1


source


I don't want to encourage you to use globals, but if you want to access $db

from a safe function, you will need to put it global $db;

at the beginning of the function.

Result:

$db = new mysqli($host,$user,$password,$database_name);

function safe ($data) {

  global $db;

  if(!is_array($data)) {
     if(!get_magic_quotes_gpc()) {
       $data = $db->escape_string($data);
       return $data;
    }
  } else {
    return array_map('safe',$data);
  }
}

      

Please note that globals are considered evil and should not be used.

What should you use? Well, for your use case, a registry pattern (remember this later) is probably the best fit. But to get you started with object-oriented programming, you should try the following:

class myClass {

    protected $db;

    public function __construct() {
        $this->db = new mysqli($host,$user,$password,$database_name);
    }


    function safe ($data) {

      if(!is_array($data)) {
         if(!get_magic_quotes_gpc()) {
           $data = $this->db->escape_string($data);
           return $data;
        }
      } else {
        return array_map('safe',$data);
      }
    }
}

      

I highly recommend that you learn more about Object Oriented Programming as it will help you write better and reusable code.

Hope I can help.

0


source


if i extend the class i got:

Notice: Undefined variable: db in *file path* on line 22

Fatal error: Call to a member function escape_string() on a non-object in *file path* on line 22

      

line 22 where the function

If I pass the mysqli object, I get:

Warning: Missing argument 2 for safe() in *file path* on line 17

Notice: Undefined variable: db in *file path* on line 22

Fatal error: Call to a member function escape_string() on a non-object in *file path* on line 22

      

My function call:

                    $item[$form] = safe($item[$form],$db);

      

so the second var is clearly missing

And I can't seem to build a class around the function and initialize a new mysqli connection (which at least looks like a height of inefficiency anyway) because I have to make a safe () static function to make it a valid callback for array_map () and the syntax doesn't work for this line:

$data = $this->db->escape_string($data);

      

Have tried

$data = $this->db->escape_string($data);
$data = self::db::escape_string($data);
$data = self::db->escape_string($data);

      

0


source


Create public function in db class file

function escape($string)
    {
        return $this->connection->real_escape_string($string);

    }

      

and you can use it like this

function safe()

    {
            $id=$this->mysqli->escape($this->id);

            $status=$this->mysqli->escape($this->status);

            $shortcode=$this->mysqli->escape($this->shortcode);



     }

      

using the function depends on how you are going to use it

0


source







All Articles