LordDan Posted February 2, 2011 Share Posted February 2, 2011 Hey guys, Do any of you know a method to escape an array using MySQLi? For normal MySQL I'm using array_map public function escapeArray( $array ) { return array_map( "mysql_real_escape_string", $array ); } However, I'm having trouble doing the same thing for MySQLi as I'm using the OO method, not procedural. public function escapeArray( $array ) { return array_map( "$this->_mysqli->real_escape_string", $array ); } Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted February 2, 2011 Share Posted February 2, 2011 normally with MySQLi you don't escape data as you pass them as query parameters which in returns avoid SQL injections: http://www.php.net/manual/en/mysqli-stmt.bind-param.php Quote Link to comment Share on other sites More sharing options...
Djkanna Posted February 2, 2011 Share Posted February 2, 2011 <?php //Some connection/class info etc if ( $ins = $db->prepare ('INSERT INTO `table` (`string`, `string`, `int`) VALUES (?,?,?)') ) { $ins->bind_param('ssi', $strA, $strB, $int); $ins->execute(); //Do more if needed $ins->close(); } else { //An error has occurred. //$db->error; } Quote Link to comment Share on other sites More sharing options...
doublet Posted February 4, 2011 Share Posted February 4, 2011 If i remeber correctly you should use it like this: array_map(array($this, "_mysqli->real_escape_string"), $array); Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted February 5, 2011 Share Posted February 5, 2011 Nope doublet you should do it like Djkanna said. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.