Hi,

What should I pass in the param1 for this function i.e.
$escapedString = mysqli_real_escape_string($param1, $escapedString);

Also, how does vbulletin escape all the strings using which functions? Thanks for the help.

Here's some info:

http://us2.php.net/manual/en/mysqli.real-escape-string.php

Maybe you want to do it some other way so you don't need the link identifier

If using the other way, I would still need to define:

$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

Does vBulletin has any pre-defined mysqli so that I can call $mysqli->real_escape_string($escapeString)?

As I was looking around in includes/class_core.php looking for the variable name for the 1st parameter I found this, which is in the methods for mysqli


/**
* Escapes a string to make it safe to be inserted into an SQL query
*
* @param string The string to be escaped
*
* @return string
*/
function escape_string($string)
{
return $this->functions['real_escape_string']($this->connection_master, $string);
}


so just use $vbulletin->db->escape_string(), it should work for mysqli