You haven't imported the $db variable into the function's scope.
function safe($value)
{
global $db;
$secureString = mysqli_real_escape_string($db, $value);
return $secureString;
}
Alternatively, you can pass in the variable as an argument.