[英]Codeigniter using MYSQLI escape string
I am currently updating a section of code that uses mysql
currently the escape string is structured like this: $product_name = mysql_real_escape_string(trim($_POST['product_name']));
我当前正在更新一段使用
mysql
的代码,当前转义字符串的结构如下: $product_name = mysql_real_escape_string(trim($_POST['product_name']));
and works fine. 并且工作正常。
My issue is when I change the above string to $product_name = mysqli_real_escape_string($database, (trim($_POST['product_name'])));
我的问题是当我将上面的字符串更改为
$product_name = mysqli_real_escape_string($database, (trim($_POST['product_name'])));
and declare the following: $database = $this->load->database();
并声明以下内容:
$database = $this->load->database();
above it I get the error that its NULL 在它上面我得到的错误是它的NULL
How do I escape a string with CI? 如何使用CI来转义字符串?
You use 你用
$this->db->query("select ?",array("value")); $ this-> db-> query(“ select?”,array(“ value”)));
Where each ? 每个在哪里? In thee select is the variable you want escaped
在您中选择要转义的变量
CodeIgniter user manual wrote the following. CodeIgniter 用户手册写道:
Beyond simplicity, a major benefit to using the Active Record features is that it allows you >to create database independent applications, since the query syntax is generated by each >database adapter.
除了简单之外,使用Active Record功能的主要好处是它允许您创建独立于数据库的应用程序,因为查询语法是由每个数据库适配器生成的。 It also allows for safer queries, since the values are escaped >automatically by the system.
它还允许更安全的查询,因为这些值会由系统自动转义。
You can use Input class in your controller. 您可以在控制器中使用Input类。
$this->load->model('mymodel');
$something = $this->input->post('something');
$results = $this->mymodel->mymethod($something);
In your model 在您的模型中
$this->db->insert('mytable', $data);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.