mysqli_real_escape_string when using $_GET and custom SQL queries

2 posts by 2 authors in: Forums > CMS Builder
Last Post: May 30, 2018 (RSS)

Archived
Reply
Reply

By netsoftservices - May 25, 2018

Hi All,

I am creating some custom queries to the CMS database and want to make sure they are clean and safe.

How do I get the $link var that is needed for mysqli to do the escaping?

mysqli_real_escape_string( $link, $_POST['some_info'])
I have searched the forum and found info on the old mysql_real_escape_string() function, but would like to use the newer function since you all went through the trouble to update CMSBuilder to user MySQLi.

Thanks for any info.

Doug

Archived
Reply
Reply

By leo - May 30, 2018

Hi,

In the newer version of CMS, we use mysqli() to handle the connection. So instead of using mysqli_real_escape_string($link, $_POST['some_info']), you can call mysqli()->real_escape_string($_POST['some_info']).

Let me know if you have any questions!

Thanks,

Leo - PHP Programmer (in training)
interactivetools.com