How to use prepare statement for this code?

piao0011 · July 31, 2018, 5:19am

Hey guys!

Is there a way to use prepare statement for the following line of codes?

function mss($value) {
	return mysqli_real_escape_string(trim(strip_tags($value)));
}

piao0011 · July 31, 2018, 5:41am

I have the following error… mysqli requires 2 parameters but when I add my database connection $conn, it still says undefined variable $conn… How can i do this without using a function?

ckhawand · July 31, 2018, 9:27am

That’s not a prepared statement, but you can fix the error by adding the $connection value to mysqli_real_escape_string
Because by definition, here is how to use it
mysqli_real_escape_string($conn, $value);

piao0011 · July 31, 2018, 9:32am

I did that but still got an error…

ckhawand · July 31, 2018, 9:33am

What variable are you using to connect?
$… = mysqli_connect…

piao0011 · July 31, 2018, 9:34am

my database connection name is $conn but I have an undefined variable error of $conn

ckhawand · July 31, 2018, 9:36am

Try

function mss($conn, $value) {
	return mysqli_real_escape_string($conn, trim(strip_tags($value)));
}

And when you want to use the function:

mss($conn, $value);

piao0011 · July 31, 2018, 9:48am

What does this do anyway? Is it important to do this if I am using prepared statement?

ckhawand · July 31, 2018, 9:49am

If you are using prepared statements, this is useless

Join the Conversation

A community of people sharing their web development knowledge.

How to use prepare statement for this code?