0

I have my mysql_* converting to mysqli, but I encounter below issue.

php class (Functions.php):

class Functions{

    public static function filter($data){
        $data = trim(htmlentities(strip_tags($data)));

        if(get_magic_quotes_gpc())
            $data = stripslashes($data);
            $data = $mysqli->real_escape_string($data);

            return $data;
        }

}

DB connection (dbconnect.php):

$dbhost = 'localhost';
$dbuser = 'xxxxxx';
$dbpass = 'xxxxxx';
$dbname = 'xxxxxx';

$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);

if(mysqli_connect_errno()){
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

I include above file in header.php like

include('inc/dbconnect.php');
include('inc/Functions.php');

I had my page call the class function like:

$params = Functions::filter($_GET['param']);

I got this error when I load the page:

Fatal error: Call to a member function real_escape_string() on a non-object in C:\xampp\htdocs\site\inc\functions.php on line XX

Isn't I already created an object for mysqli in dbconnect.php? why it show this error? it happen to all related mysqli in Functions.php.

Please advise, many thanks.

Improve this question
3
  • 2
    you're not supposed to do it that way with mysqli, but to use prepared statements/parameterized queries. otherwise you kinda miss the point Commented Mar 23, 2013 at 20:59
  • You've created mysqli object in the global scope, so you have to add global $mysqli; to your method or use $GLOBALS['mysqli'] instead. But I suggest passing the object as an function argument Commented Mar 23, 2013 at 21:03
  • Can I have practice sample work around? Commented Mar 23, 2013 at 21:07

2 Answers 2

Reset to default
1

You've created mysqli object in the global scope, so you have to add global $mysqli; to your method or use $GLOBALS['mysqli'] instead:

public static function filter($data) {
    global $mysqli;

    $data = trim(htmlentities(strip_tags($data)));

    if(get_magic_quotes_gpc())
        $data = stripslashes($data);
        $data = $mysqli->real_escape_string($data);

        return $data;
    }
}

But I suggest passing the object as an function argument:

public static function filter($data, $mysqli) {
    $data = trim(htmlentities(strip_tags($data)));

    if(get_magic_quotes_gpc())
        $data = stripslashes($data);
        $data = $mysqli->real_escape_string($data);

        return $data;
    }
}

and then:

$params = Functions::filter($_GET['param'], $mysqli);
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks..it fix the error, does it means I have to use this way in all kind of class method or function?
@conmen, no it's very bad practice to use globals. Just follow the tips in my answer.
It's good practise to inject dependencies into class/method, and not rely on existance of some global variable.
0

You are trying to make $mysqli accessible from the global scope therefore you should declare global $mysqli inside the Functions::filter method.

The use of static classes and globals is highly discouraged when possible. You can edit your Functions class to be more OOP oriented by:

class Functions {

    private $mysqli;

declaring a private property to hold the mysqli object. Notice that we cannot allow NULL there. Therefore we need to declare a constructor to initialize our property:

    public function __construct(mysqli $mysqli_) {
        $this->mysqli = $mysqli_;
    }

which, with the type hinting, will avoid anything that is not an object of mysqli to be passed as parameter. Now we just need to make the filter method an instance method:

    public function filter($data){
        $data = trim(htmlentities(strip_tags($data)));

        if(get_magic_quotes_gpc())
            $data = stripslashes($data);
            $data = $this->mysqli->real_escape_string($data);

        return $data;
    }

}

Notice that $mysqli is now $this->mysqli because we are using the instance property of the class.

Improve this answer

3 Comments

I try your tips but getting this error Catchable fatal error: Argument 1 passed to Functions::__construct() must be an instance of mysqli, none given...
@conmen, yes, because you didn't passed a valid mysqli object to the constructor. Have you even tried with $functions = new Functions($mysqli); $params = $functions->filter($_GET['param']);?
now is another error, Fatal error: Cannot access empty property

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.