mysqli_real_escape_string when using $_GET and custom SQL queries

2 posts by 2 authors in: Forums > CMS Builder
Last Post: May 30, 2018   (RSS)

By netsoftservices - May 25, 2018

Hi All,

I am creating some custom queries to the CMS database and want to make sure they are clean and safe.

How do I get the $link var that is needed for mysqli to do the escaping?

mysqli_real_escape_string( $link, $_POST['some_info'])
I have searched the forum and found info on the old mysql_real_escape_string() function, but would like to use the newer function since you all went through the trouble to update CMSBuilder to user MySQLi.

Thanks for any info.


By leo - May 30, 2018


In the newer version of CMS, we use mysqli() to handle the connection. So instead of using mysqli_real_escape_string($link, $_POST['some_info']), you can call mysqli()->real_escape_string($_POST['some_info']).

Let me know if you have any questions!


Leo - PHP Programmer (in training)