LordDan Posted February 2, 2011 Posted February 2, 2011 Hey guys, Do any of you know a method to escape an array using MySQLi? For normal MySQL I'm using array_map public function escapeArray( $array ) { return array_map( "mysql_real_escape_string", $array ); } However, I'm having trouble doing the same thing for MySQLi as I'm using the OO method, not procedural. public function escapeArray( $array ) { return array_map( "$this->_mysqli->real_escape_string", $array ); } Quote
a_bertrand Posted February 2, 2011 Posted February 2, 2011 normally with MySQLi you don't escape data as you pass them as query parameters which in returns avoid SQL injections: http://www.php.net/manual/en/mysqli-stmt.bind-param.php Quote
Djkanna Posted February 2, 2011 Posted February 2, 2011 <?php //Some connection/class info etc if ( $ins = $db->prepare ('INSERT INTO `table` (`string`, `string`, `int`) VALUES (?,?,?)') ) { $ins->bind_param('ssi', $strA, $strB, $int); $ins->execute(); //Do more if needed $ins->close(); } else { //An error has occurred. //$db->error; } Quote
doublet Posted February 4, 2011 Posted February 4, 2011 If i remeber correctly you should use it like this: array_map(array($this, "_mysqli->real_escape_string"), $array); Quote
a_bertrand Posted February 5, 2011 Posted February 5, 2011 Nope doublet you should do it like Djkanna said. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.