Ok, I hope I've got everything listed up nicely before posting this question because I've found bits and pieces of a solution here and there but no real answer to my issue.
1: I'm using a singleton MySQL connection with mysqli, not using stored procedures;
2: I found code online explaining session_set_save_handler and have embedded it as a class called MySqlSessionStore;
3: in my DB class there is this public function:
public function escapeStringForDB($input)
{
return $this->_link->real_escape_string($input);
}
and $this->_link = new mysqli($host, $user, $password, $database)
4:$db = MySQL::getInstance(array(DB_SERVER, DB_USER, DB_PASS, DB_NAME));
This is how I call the static DB function (nothing out of the ordinary here)
Problem: everything works until I uncomment $id = $db->escapeStringForDB($id);, then the following error occurs:
Call to a member function real_escape_string() on a non-object
Example code from MySqlSessionStore:
function read($id)
{
$db = MySQL::getInstance(array(DB_SERVER, DB_USER, DB_PASS, DB_NAME));
$id = $db->escapeStringForDB($id);
$db->query("SELECT data FROM sessions WHERE BINARY id = '". $id ."'");
//echo "SELECT data FROM sessions WHERE id = '". $id ."'";
$result = $db->fetch();
if(isset($result) && !empty($result))
{
return $result->data;
}
//MUST send an empty string if no session data
return "";
}
Other questions, remarks:
- I'm using session_regenerate_id() but apparently this needs to be removed with session_set_save_handler;
- Where exactly do I put
session_write_close();? I've got it in the destructor of my db class, but maybe that isn't the way to go; - I'm using this without harm on other projects, but here it seems the session handler behavior is different and confusing me :)
Thanks in advance, if you need more info I'll gladly provide it.