mysqli_real_escape_string when using $_GET and custom SQL queries
I am creating some custom queries to the CMS database and want to make sure they are clean and safe.
How do I get the $link var that is needed for mysqli to do the escaping?
mysqli_real_escape_string( $link, $_POST['some_info'])
I have searched the forum and found info on the old mysql_real_escape_string() function, but would like to use the newer function since you all went through the trouble to update CMSBuilder to user MySQLi.
Thanks for any info.
In the newer version of CMS, we use mysqli() to handle the connection. So instead of using mysqli_real_escape_string($link, $_POST['some_info']), you can call mysqli()->real_escape_string($_POST['some_info']).
Let me know if you have any questions!