How to avoid string in mysqli

Question

How to avoid string in mysqli

In the old mysql () code, to avoid the line, I did this:

t.TeacherUsername = '".mysql_real_escape_string($teacherusername)."'

I am changing my code to mysqli, but what I want to know for sure and be safe to avoid a line in mysqli is as follows:

 t.TeacherUsername = '".mysqli_real_escape_string($teacherusername)."'

Also for connecting to mysqli database it looks like this:

 $username="xxx"; $password="xxx"; $database="xxx"; mysqli_connect('localhost',$username,$password); mysqli_select_db($database) or die( "Unable to select database");

All I did was change mysql to mysqli, is this correct?

UPDATE:

Now this is the correct way to connect to the database using mysqli:

 $username="xxx"; $password="xxx"; $database="mobile_app"; $mysqli = new mysqli("localhost", $username, $password, $database); if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); }

+4

php mysqli

user1394925 Jun 06 '12 at 14:37

source share

1 answer

Sirdarius · Accepted Answer · 2012-06-06T14:40:15+0000

Your use of the function is incorrect.

You MUST use the mysqli reference resource returned by mysqli_connect as the first parameter in mysqli_real_escape_string .

Example:

 $username="xxx"; $password="xxx"; $database="xxx"; $my = mysqli_connect('localhost',$username,$password); mysqli_select_db($my, $database) or die( "Unable to select database"); $t->TeacherUsername = "'" . mysqli_real_escape_string($my, $teacherusername). "'";

How to avoid string in mysqli

More articles: