wes629

I'm not familiar on prepared statements yet, right now I'm just trying to learn php then I'll get into prepared statements once I understand how everything works... I'm a hands on learner, so I have to break a couple things ... And yes, you're right about creating the new connection every time is very inefficient, but for mysqli_real_escape_string you have to put your mysqli_connection before the string and even when I remove the $link variable from line 11 and 12 i get the "Fatal error: Function name must be a string" Then let's say I remove the $link variable from line 11, then line 12 says undefined index for $link even though it's defined on line 8. ...unless I'm missing something? $link = mysqli_connect("localhost","root","","test"); function protect ($string) { $link = mysqli_connect("localhost","root","","test"); return mysqli_real_escape_string($link, $_POST($string)); }

okay, you're absolutely right, i didn't have a protect function that had the $_POST variable, which cleared the illegal offset. I guess what i thought is that if I had the $_POST variable in the function, i wouldn't need to put it when i did the protect function. Later on I ended up changing the function to this: function protect ($string) { $link = mysqli_connect("localhost","root","","test"); return mysqli_real_escape_string($link, strip_tags(addslashes($string))); } because I i wanted to strip or trim the tags to add a little more security. I really appreciate the response. I'm learning a lot from the forums. thanks!

I'm new to PHP so noob question here. I'm receiving an illegal offset warning on line 12 (return statement). I've looked on w3 and php manual but I'm getting nowhere. Help? function protect ($string) { $link = mysqli_connect("localhost","root","","test"); return mysqli_real_escape_string($link,$_POST[$string]); }