I am programming procedurally with mysqli connection (i will learn OOP for this, but now i need to know it in the procedural way) and i have to use mysqli_real_escape_string TONS of times in order to protect every query.
I just made this function after the connection happens in order to take less space (more organized) and time to write each:
$con = @mysqli_connect($mysql_server, $mysql_user, $mysql_password, $mysql_database);
function sql_escape($string) {
global $con;
return mysqli_real_escape_string($con, $string);
}
Is this okay? I've read that globalizing variables is not good, i don't see why i couldn't do this.
Thanks in advance!
looks OK as long as you only use one database connection in your script.
globals are bad style? Well, it's php code which is an automatic negative 5 points to start with :)