Questions and discussion about developing processes and programming in PHP, JavaScript, web services & REST API.

Moderator: amosbatto

Forum rules: Please search to see if a question has already asked before creating a new topic. Please don't post the same question in multiple forums.

I am using triggers with executeQuery() function running queries based on text fields in Dynaforms that can be filled by an user.
It has been recommended in this forum to use mysql_real_escape_string() to prevent SQL code from SQL injections.
(i.e. viewtopic.php?f=41&t=730841&p=815582&hi ... on#p815582)

However, the new 3.3.0 ProcessMaker version supports PHP 7 and in PHP 7 the mysql_real_escape_string() function is deprecated.

Which function should be used instead? Please help.

Best Regards,

Thank you very much.
The new function mysqli_real_escape_string ( mysqli $link , string $escapestr ) requires an additional parameter.

I have found the example of the mysql_real_escape_string in the documentation:

$db = '89445967454f5d18dd694f4084525230'; //unique ID of database connection
$client = mysql_real_escape_string(@@clientName);
$result = executeQuery("SELECT * FROM CLIENTS WHERE CLIENT_NAME='$client'", $db); ... _Functions

How would it look like in PHP 7 and mysqli_real_escape_string ? Is it possible to use exisiting Database Connection instead of PHP functions - mysqli_connect requires login and password.

Best Regards,
If you are connecting to your workspace's database, then do it this way:
Code: Select all
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$client = $mysqli->escape_string(@@clientName);
$result = executeQuery("SELECT * FROM PMT_CLIENTS WHERE CLIENT_NAME='$client'");
If you are connecting to an external database, then you can do it this way:
Code: Select all
$db = '3030213565c08c817a2c5d9048580896'; //set to ID of database connection
$oDB = new \DbConnections(@@PROCESS);
$aDBs = $oDB->getAllConnections();
$aDB = array();

foreach ($aDBs as $a) {
   if ($a['DBS_UID'] == $db) {
	   $aDB = $a;
$pass = $oDB->getPassWithoutEncrypt($aDB);
$mysqli = new mysqli($aDB['DBS_SERVER'], $aDB['DBS_USERNAME'], $pass, $aDB['DBS_DATABASE_NAME']); 
$client = $mysqli->escape_string(@@clientName);
$result = executeQuery("SELECT * FROM CLIENTS WHERE CLIENT_NAME='$client'", $db);

Hi everyone! I am trying to create a link to a ex[…]

Routing Rule

Could you please share a screenshot from your proc[…]


I didn't work on this version of PM but I could su[…]

radio has a data automatic

Make sure you have assigned a variable to the radi[…]