Function won't accept less than three arguments

I'm w开发者_C百科orking with someone else's database connection PHP function that works fine as long as I pass it at least three arguments. If I pass it two argument, then the apache log says:

mysql_real_escape_string() expects parameter 2 to be resource, null given

I need the function to take a SQL query like so:

$sql = DatabaseManager::prepare("SELECT * FROM sometable WHERE somevar = %d", $var);

and prepare it for safe execution. Can someone help make it accept two arguments?

public static function prepare($query = null) { // ( $query, *$args )

    $args = func_get_args();

    array_shift($args);

    // If args were passed as an array (as in vsprintf), move them up
    if ( isset($args[0]) && is_array($args[0]) ){
        $args = $args[0];
    }

    $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
    $query = str_replace('"%s"', '%s', $query); // doublequote unquoting
    $query = str_replace('%s', "'%s'", $query); // quote the strings

    for($i=0; $i<count($args); $i++){
        $args[$i] = mysql_real_escape_string($args[$i], self::$currentCon);
    }

    //array_walk($args, array(&$this, 'mysql_real_escape_string'));

    return @vsprintf($query, $args);
}   

Thanks a ton!

EDIT

As deceze points out, this is about self::$currentCon) and means that a database connection is coming back null

I've tried this multiple times. Still curious about why this works:

$sql = DatabaseManager::prepare("SELECT * FROM sometable WHERE id = ".$somevar); 

but this fails:

$sql = DatabaseManager::prepare("SELECT * FROM sometable WHERE somevar = %d", $var); 

How would that affect self::$currentCon)?

mysql_real_escape_string() expects parameter 2 to be resource, null given

That's a completely different problem than the number of arguments a function accepts. Read it again:

mysql_real_escape_string() expects parameter 2 to be resource, null given

It refers to this line:

mysql_real_escape_string($args[$i], self::$currentCon);

The second parameter for mysql_real_escape_string, i.e. self::$currentCon, should be a reference (a resource) to an open MySQL connection. In this case though it was null.

This means there's some problem with self::$currentCon. Either there's a problem in the code that sets self::$currentCon, or your database configuration details (username, password, socket, etc.) are wrong and a connection to the database couldn't be established, hence self::$currentCon is null.

This problem should've been caught much earlier, at the time the database connection was supposed to be established, but the author seems to be a fan of error suppression, so the problem only manifests itself here.

The moral of the story:

• Always read error messages thrice.
• Always give the exact error message when asking a question.
• Don't suppress errors.

:)

maybe it's just me, i'd write the function like this

public static function prepare($query = null,$args = array()) {
    $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
    $query = str_replace('"%s"', '%s', $query); // doublequote unquoting
    $query = str_replace('%s', "'%s'", $query); // quote the strings

    foreach($args as $key=>$arg){
        $args[$key] = mysql_real_escape_string($arg, self::$currentCon);
    }

    //array_walk($args, array(&$this, 'mysql_real_escape_string'));

    return @vsprintf($query, $args);
}

I haven't tested it.. i don't understand why the function is using func_get_args() and array_shift() and then test if there was or not a second argument.. it seems too complicated, at least for me

Your prepare need a 1 parameter($query);

DatabaseManager::prepare("SELECT * FROM sometable WHERE somevar = %d", $var);

• in this code you give 2 parameters to function.