Home/ Questions/Q 1048441
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T16:27:20+00:00

I’m working with someone else’s database connection PHP function that works fine as long

  • 0

I’m working with someone else’s database connection PHP function that works fine as long as I pass it at least three arguments. If I pass it two argument, then the apache log says:

mysql_real_escape_string() expects parameter 2 to be resource, null given

I need the function to take a SQL query like so:

$sql = DatabaseManager::prepare("SELECT * FROM sometable WHERE somevar = %d", $var);

and prepare it for safe execution. Can someone help make it accept two arguments?

public static function prepare($query = null) { // ( $query, *$args )

    $args = func_get_args();

    array_shift($args);

    // If args were passed as an array (as in vsprintf), move them up
    if ( isset($args[0]) && is_array($args[0]) ){
        $args = $args[0];
    }

    $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
    $query = str_replace('"%s"', '%s', $query); // doublequote unquoting
    $query = str_replace('%s', "'%s'", $query); // quote the strings

    for($i=0; $i<count($args); $i++){
        $args[$i] = mysql_real_escape_string($args[$i], self::$currentCon);
    }

    //array_walk($args, array(&$this, 'mysql_real_escape_string'));

    return @vsprintf($query, $args);
}

Thanks a ton!

EDIT

As deceze points out, this is about self::$currentCon) and means that a database connection is coming back null

I’ve tried this multiple times. Still curious about why this works:

$sql = DatabaseManager::prepare("SELECT * FROM sometable WHERE id = ".$somevar);

but this fails:

$sql = DatabaseManager::prepare("SELECT * FROM sometable WHERE somevar = %d", $var);

How would that affect self::$currentCon)?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    mysql_real_escape_string() expects parameter 2 to be resource, null given

    That’s a completely different problem than the number of arguments a function accepts. Read it again:

    mysql_real_escape_string() expects parameter 2 to be resource, null given

    It refers to this line:

    mysql_real_escape_string($args[$i], self::$currentCon);

    The second parameter for mysql_real_escape_string, i.e. self::$currentCon, should be a reference (a resource) to an open MySQL connection. In this case though it was null.

    This means there’s some problem with self::$currentCon. Either there’s a problem in the code that sets self::$currentCon, or your database configuration details (username, password, socket, etc.) are wrong and a connection to the database couldn’t be established, hence self::$currentCon is null.

    This problem should’ve been caught much earlier, at the time the database connection was supposed to be established, but the author seems to be a fan of error suppression, so the problem only manifests itself here.

    The moral of the story:

    • Always read error messages thrice.
    • Always give the exact error message when asking a question.
    • Don’t suppress errors.

    🙂

    • 0