满足mysqli_real_escape_string参数错误的正确结构

Question

I am having a structure issue with implementing parameters for a `mysqli_real_escape_string. The place I'm using in is within a function like such:

    /**
     * Clean the array using mysql_real_escape_string
     *
     * Cleans an array by array mapping mysql_real_escape_string
     * onto every item in the array.
     *
     * @param array $array The array to be cleaned
     * @return array $array The cleaned array
     */

    function clean($array) 
    {
        return array_map('mysqli_real_escape_string', $array);
    }

I get a double warning of this:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\\vhosts\\goodgirls1\\core\\database\\db.php on line 59

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\\vhosts\\goodgirls1\\core\\database\\db.php on line 59

So, I tried this instead to see if I could satisfy the error:

function clean($array) {
        return array_map(mysqli_real_escape_string(mysqli_connect('localhost', DB_USER, DB_PASS)), $array);
    }

It seems to have satisfied it, but now I get this warning:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\\vhosts\\goodgirls1\\core\\database\\db.php on line 59

And this is where I'm now lost. What do I give mysqli_real_escape_string to make it happy? If I give it an incorrect missing parameter, then my array seems to blow up. I would appreciate some advice on how to proceed from here. Thanks!

Answer 1

function clean($array) {
    $connection = mysqli_connect('localhost', DB_USER, DB_PASS);
    return array_map(
        function($value) use ($connection) {
            return mysqli_real_escape_string($connection, $value);
        },
        $array
    );
}

But (as you're already using MySQLi) consider using prepared statements/bind variables instead