mySQLI-mysqli_real_escape_string问题
[英]mySQLI - problem with mysqli_real_escape_string
问题描述
I have this code, and works perfectly, but i want to make a simple modification 
我有此代码,并且工作正常,但我想进行简单的修改
<?php session_start();
require 'includes/f_banco1.php';
require '../PasswordHash.php';
function checkBd($sql, $db, $user, $codePass) {
$user = $_GET['userid']; //here
$codePass = $_GET['code'];//here
if(is_numeric($user)) {
($sql = $db->prepare("select userid, code from password_reset where userid=? and code=?"));
$sql->bind_param('ss', $user, $codePass);
$sql->execute();
$sql->bind_result($user, $codePass);
if ($sql->fetch()) {
$_SESSION['u_name']= sha1($user);
header("location: updatePass.php");
return true;
}
else
echo "Não existe na BD";
return false;
}
else
echo "Erro";
}
checkBd ($sql, $db, $user, $codePass);
?>
i want to change these lines 我想改变这些线
$user = $_GET['userid']; //here
$codePass = $_GET['code'];//here
to 至
$user = mysqli_real_escape_string($db, $_GET['userid']);
$codePass = mysqli_real_escape_string($db, $_GET['code']);
but with this change the code simple stops work, an echo of $user doesn't show nothing 但是通过此更改,代码简单地停止工作,$ user的回显不显示任何内容
any idea? 任何想法?
thanks 谢谢
2 个解决方案
解决方案1
1 已采纳 2011-03-22 01:42:06
You do not need to do that. 您不需要这样做。 You are using prepared statements, which escape the variables automatically. 您正在使用准备好的语句,这些语句将自动转义变量。
解决方案2
0 2011-03-22 01:42:40
If you prepare your statement, you don't need to escape your string. 如果准备了语句,则无需转义字符串。
Note: Your database connection must be opened to use mysqli_real_escape_string() 注意:必须打开数据库连接才能使用mysqli_real_escape_string()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.