码农教程 - 一技在手,衣食无忧! tools

目录

PHP mysqli real_escape_string() 函数

❮ PHP MySQLi 参考

示例 - 面向对象风格

转义字符串中的特殊字符:

<?php
$mysqli = new mysqli("localhost","my_user","my_password","my_db");

if ($mysqli -> connect_errno) {
  echo "Failed to connect to MySQL: " . $mysqli -> connect_error;
  exit();
}

// Escape special characters, if any
$firstname = $mysqli -> real_escape_string($_POST['firstname']);
$lastname = $mysqli -> real_escape_string($_POST['lastname']);
$age = $mysqli -> real_escape_string($_POST['age']);

$sql="INSERT INTO Persons (FirstName, LastName, Age) VALUES ('$firstname', '$lastname', '$age')";

if (!$mysqli -> query($sql)) {
  printf("%d Row inserted.\n", $mysqli->affected_rows);
}

$mysqli -> close();
?>

查看底部的程序样式示例。

定义和用法

real_escape_string() / mysqli_real_escape_string() 函数转义字符串中的特殊字符以用于 SQL 查询,同时考虑连接的当前字符集。

该函数用于创建可在 SQL 语句中使用的合法 SQL 字符串。假设我们有以下代码:

<?php

$lastname = "D'Ore";

$sql="INSERT INTO Persons (LastName) VALUES ('$lastname')";

// This query will fail, cause we didn't escape $lastname
if (!$mysqli -> query($sql)) {
  printf("%d Row inserted.\n", $mysqli->affected_rows);
}

?>

语法

面向对象风格:

$mysqli -> real_escape_string( escapestring)

程序风格:

mysqli_real_escape_string( connection, escapestring)

参数值

Parameter Description
connection Required. Specifies the MySQL connection to use
escapestring Required. The string to be escaped. Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z.

技术细节

返回值: 返回转义的字符串
PHP 版本: 5+

示例 - 程序风格

转义字符串中的特殊字符:

<?php
$con = mysqli_connect("localhost","my_user","my_password","my_db");

if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  exit();
}

// Escape special characters, if any
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);

$sql="INSERT INTO Persons (FirstName, LastName, Age) VALUES ('$firstname', '$lastname', '$age')";

if (!mysqli_query($con, $sql)) {
  printf("%d Row inserted.\n", mysqli_affected_rows($con));
}

mysqli_close($con);
?>
❮ PHP MySQLi 参考