Quick question, I was wondering what were the 2 parameters in mysqli_real_escape_string.
For example, here is my code:

$report = mysql_real_escape_string($_POST['winner']); // Escapes special characters

However, I need to have 2 parameters, meaning it should be something like

$report = mysql_real_escape_string($mysqli, $_POST['winner']); // Escapes special characters

However, $mysqli doesn't seem to be the variable I'm looking for with MyBB.
What is a variable I can use that will represent a connection with MyBB?
Just use this:

global $mybb, $db;

$report = $db->escape_string($mybb->get_input('winner'));

String escaping is built in to the database class and uses mysql_real_escape_string() under the hood.

Forum Jump:

Users browsing this thread: 1 Guest(s)