Databases
StackOverflow2013
Postsdbo
POPHP mysqli->real_escape_string when using sessions saved in the DB
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POPHP mysqli->real_escape_string when using sessions saved in the DB
    primarykey
    data
    text
    <p>Ok, I hope I've got everything listed up nicely before posting this question because I've found bits and pieces of a solution here and there but no real answer to my issue.</p> <p>1: I'm using a singleton MySQL connection with mysqli, not using stored procedures;</p> <p>2: I found code online explaining session_set_save_handler and have embedded it as a class called MySqlSessionStore;</p> <p>3: in my DB class there is this public function:</p> <pre><code>public function escapeStringForDB($input) { return $this-&gt;_link-&gt;real_escape_string($input); } </code></pre> <p>and <code>$this-&gt;_link = new mysqli($host, $user, $password, $database)</code></p> <p>4:<code>$db = MySQL::getInstance(array(DB_SERVER, DB_USER, DB_PASS, DB_NAME));</code> This is how I call the static DB function (nothing out of the ordinary here)</p> <p><strong>Problem</strong>: everything works until I uncomment <code>$id = $db-&gt;escapeStringForDB($id);</code>, then the following error occurs:</p> <p><strong>Call to a member function real_escape_string() on a non-object</strong></p> <p>Example code from MySqlSessionStore:</p> <pre><code>function read($id) { $db = MySQL::getInstance(array(DB_SERVER, DB_USER, DB_PASS, DB_NAME)); $id = $db-&gt;escapeStringForDB($id); $db-&gt;query("SELECT data FROM sessions WHERE BINARY id = '". $id ."'"); //echo "SELECT data FROM sessions WHERE id = '". $id ."'"; $result = $db-&gt;fetch(); if(isset($result) &amp;&amp; !empty($result)) { return $result-&gt;data; } //MUST send an empty string if no session data return ""; } </code></pre> <p>Other questions, remarks:</p> <ul> <li>I'm using session_regenerate_id() but apparently this needs to be removed with session_set_save_handler;</li> <li>Where exactly do I put <code>session_write_close();</code> ? I've got it in the destructor of my db class, but maybe that isn't the way to go;</li> <li>I'm using this without harm on other projects, but here it seems the session handler behavior is different and confusing me :)</li> </ul> <p>Thanks in advance, if you need more info I'll gladly provide it.</p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USqwertzman
    1. USqwertzman
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. This table or related slice is empty.
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload