“ real_escape_string”问题
[英]problem with “real_escape_string”
问题描述
i am having some troubles my the "real_escape_string" and i need some help 
我的“ real_escape_string”遇到了一些麻烦,我需要一些帮助
login.php login.php
<?php include('Connections/local.php'); ?>
<?php
function GetSQLValueString($sql) {
$sql = $mysqli->real_escape_string($sql);
return $sql;
}
?>
local.php local.php
<?php
$hostname_local = "xxx";
$database_local = "xxx";
$username_local = "xxx";
$password_local = "xxx";
$mysqli = new mysqli($hostname_local, $username_local, $password_local, $database_local);
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
?>
the error is 错误是
Undefined variable: mysqli
i've tried some things ( like moving the content of the local.php inside the login.php ) but nothing works 我已经尝试了一些事情(例如在login.php内移动local.php的内容),但是没有任何效果
2 个解决方案
解决方案1
1 2015-03-04 03:20:35
You can't access $mysqli inside your function. 您不能在函数内部访问$ mysqli。 If you want to, add global $mysqli; 如果要添加global $mysqli; in your function to make it accessible. 在您的功能中使其可访问。 Alternatively, you could pass the $mysqli as a parameter. 或者,您可以将$ mysqli作为参数传递。
解决方案2
1 2015-03-11 19:55:58
Why not just use the function call directly. 为什么不直接使用函数调用呢?
My suggestion, just create a simpler (and easier to read function) called "esc" and use that anytime you need to escape anything sql related. 我的建议是,只需创建一个更简单(且更易于阅读的函数)称为“ esc”,并在需要逸出任何与sql相关的内容时使用它。
function esc($string, $mysqli = false) {
if (!$mysqli) global $mysqli;
return mysqli_real_escape_string($mysqli,$string);
}
And then just use this by doing the following: 然后只需执行以下操作即可使用:
$sql = esc($string); //if $mysqli is already set globally, and thus will be inherited by the function
OR 要么
$sql = esc($string,$mysqli); //if $mysqli is to be passed into each func call
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.