user1394925
Reputation: 752
how to escape string in mysqli
In old mysql() code, to escape a string, I did this:
t.TeacherUsername = '".mysql_real_escape_string($teacherusername)."'
I am changing my code to mysqli, but what I want to know for sure and to be safe, to escape a string in mysqli is it like this below:
t.TeacherUsername = '".mysqli_real_escape_string($teacherusername)."'
Also to connect to mysqli database is it like this below:
$username="xxx";
$password="xxx";
$database="xxx";
mysqli_connect('localhost',$username,$password);
mysqli_select_db($database) or die( "Unable to select database");
All I have done is change mysql to mysqli, is that correct?
UPDATE:
Is this now the correct way to connect to database using mysqli:
$username="xxx";
$password="xxx";
$database="mobile_app";
$mysqli = new mysqli("localhost", $username, $password, $database);
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
Upvotes: 4
Views: 10111
Answers (1)
SirDarius
Reputation: 42879
Your use of the function is incorrect.
You MUST use the mysqli link resource returned by mysqli_connect as the first parameter to mysqli_real_escape_string.
Example:
$username="xxx";
$password="xxx";
$database="xxx";
$my = mysqli_connect('localhost',$username,$password);
mysqli_select_db($my, $database) or die( "Unable to select database");
$t->TeacherUsername = "'" . mysqli_real_escape_string($my, $teacherusername). "'";
Upvotes: 4
Related Questions
- mysqli->real_escape_string
- PHP MySQLi escape quotes
- PHP:Mysqli_real_escape_string
- PHP mysqli_real_escape_string argument
- Getting an error using mysqli_escape_string function
- How to properly use mysqli_real_escape_string
- mysqli_escape_string how do i implement it?
- mysqli real escape string issues
- Using mysqli_escape_string error
- How to use mysqli_real_escape_string()?