Getsqlvaluestring / mysqli_real_escape_string / Notice: Undefined variable: mysqli

Asked

Viewed 325 times

1

I am trying to convert a function to Mysqli, to use with PHP7.1. I am having difficulties with mysqli_real_escape_string, and mysqli_escape_string.

Error:

Notice: Undefined variable: mysqli in config.php on line 16

Warning: mysqli_escape_string() expects Parameter 1 to be mysqli, null Given in > config.php on line 16

CONFIG.PHP FILE

require_once('Connections/conexao.php');

$mysqli = new mysqli($hostname_conexao,$username_conexao,$password_conexao,$database_conexao); if($mysqli->connect_error){echo "Erro";exit();}

if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        if (PHP_VERSION < 6) {
            $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        }

        $theValue = function_exists("mysql_real_escape_string") ? mysqli_real_escape_string($mysqli, $theValue) : mysqli_escape_string($mysqli, $theValue);

        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                break;
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}

What I need to do?

2 answers

1

Exchange the mysql for mysqli, I believe it’s a misspelling of yours.

Would look like this:

$theValue = function_exists("mysqli_real_escape_string") ? mysqli_real_escape_string($mysqli, $theValue) : mysqli_escape_string($mysqli, $theValue);

In oriented object mode, it asks only one parameter, it would look like this:

$theValue = function_exists("mysqli_real_escape_string") ? mysqli->real_escape_string($theValue) : mysqli->escape_string($theValue);
  • I saw the misspelling, but the error continues.

  • Before performing the function, check the value of $theValue.

  • I use the function at the time of registering and updating the table like this GetSQLValueString($_POST['kg'], "text"),.

  • I edited my answer, see if it works now.

1


The problem is that the function GetSQLValueString is trying to access a variable that is outside of it, ie the variable is in a different scope, to adjust use the global thus:

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{

     global $mysqli;

You can also try other approaches like OOP, but this is another story, it’s just a suggestion.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.