PHP mysql_* converting to mysqli fatal error

Question

I have my mysql_* converting to mysqli, but I encounter below issue.

php class (Functions.php):

class Functions{

    public static function filter($data){
        $data = trim(htmlentities(strip_tags($data)));

        if(get_magic_quotes_gpc())
            $data = stripslashes($data);
            $data = $mysqli->real_escape_string($data);

            return $data;
        }

}

DB connection (dbconnect.php):

$dbhost = 'localhost';
$dbuser = 'xxxxxx';
$dbpass = 'xxxxxx';
$dbname = 'xxxxxx';

$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);

if(mysqli_connect_errno()){
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

I include above file in header.php like

include('inc/dbconnect.php');
include('inc/Functions.php');

I had my page call the class function like:

$params = Functions::filter($_GET['param']);

I got this error when I load the page:

Fatal error: Call to a member function real_escape_string() on a non-object in C:\\xampp\\htdocs\\site\\inc\\functions.php on line XX

Isn't I already created an object for mysqli in dbconnect.php? why it show this error? it happen to all related mysqli in Functions.php.

Please advise, many thanks.

Answer 1

You've created mysqli object in the global scope, so you have to add global $mysqli; to your method or use $GLOBALS['mysqli'] instead:

public static function filter($data) {
    global $mysqli;

    $data = trim(htmlentities(strip_tags($data)));

    if(get_magic_quotes_gpc())
        $data = stripslashes($data);
        $data = $mysqli->real_escape_string($data);

        return $data;
    }
}

But I suggest passing the object as an function argument:

public static function filter($data, $mysqli) {
    $data = trim(htmlentities(strip_tags($data)));

    if(get_magic_quotes_gpc())
        $data = stripslashes($data);
        $data = $mysqli->real_escape_string($data);

        return $data;
    }
}

and then:

$params = Functions::filter($_GET['param'], $mysqli);

Answer 2

You are trying to make $mysqli accessible from the global scope therefore you should declare global $mysqli inside the Functions::filter method.

The use of static classes and globals is highly discouraged when possible. You can edit your Functions class to be more OOP oriented by:

class Functions {

    private $mysqli;

declaring a private property to hold the mysqli object. Notice that we cannot allow NULL there. Therefore we need to declare a constructor to initialize our property:

    public function __construct(mysqli $mysqli_) {
        $this->mysqli = $mysqli_;
    }

which, with the type hinting, will avoid anything that is not an object of mysqli to be passed as parameter. Now we just need to make the filter method an instance method:

    public function filter($data){
        $data = trim(htmlentities(strip_tags($data)));

        if(get_magic_quotes_gpc())
            $data = stripslashes($data);
            $data = $this->mysqli->real_escape_string($data);

        return $data;
    }

}

Notice that $mysqli is now $this->mysqli because we are using the instance property of the class.