mysqli_real_escape_string没有转义任何东西
[英]mysqli_real_escape_string not escaping anything
问题描述
I am using mysqli_real_escape_string to escape single and double quotes etc. but it is not escaping anything. 
我正在使用mysqli_real_escape_string转义单引号和双引号等,但是它没有转义任何内容。 My code is as follows 我的代码如下
$con = mysqli_connect("ip","db","pw","db");
$formtext = $_POST['formtext'];
$formtext = mysqli_real_escape_string($con, $formtext);
mysqli_query($con, "INSERT into table (formtext) VALUES ('$formtext')")
or die();
After inserting into the table the 'formtext' field contains no escapes (backslashes). 插入表格后,“ formtext”字段不包含任何转义符(反斜杠)。 What are the possible reasons for this to be happening? 发生这种情况的可能原因是什么?
1 个解决方案
解决方案1
2 已采纳 2015-06-30 04:07:50
The data saved to the database will not contain "escapes" or escape sequences or extraneous slashes. 保存到数据库的数据将不包含“转义”或转义序列或多余的斜杠。
The database will contain the actual data supplied , which is the point of the function: to escape the input for use as SQL string content in an SQL statement. 数据库将包含提供的实际数据 ,这是该功能的关键点:转义输入以用作 SQL语句中的SQL 字符串内容 。
mysqli_real_escape_string escapes special characters in a string for use in an SQL statement [as string literal content], taking into account the current charset of the connection.
If the point is to change data (and if so, be precise on what the change should be) - noting that "real_escape" or (better) parameterized queries should still be used anyway - then use the appropriate function for the task. 如果要更改数据(如果这样的话,请准确说明更改的内容 )-注意无论如何仍应使用“ real_escape”或(更好) 参数化查询 -然后为任务使用适当的函数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.