[英]mysqli_real_escape_string not working correctly
I am trying to use both mysqli_real_escape_string
and trim
together before making a MySQL INSERT
query. 我试图在进行MySQL
INSERT
查询之前同时使用mysqli_real_escape_string
和trim
。 My code is as follows: 我的代码如下:
<?php
$fname = mysqli_real_escape_string($dbc, trim($_POST['fname']));
$sname = mysqli_real_escape_string($dbc, trim($_POST['sname']));
$occ = mysqli_real_escape_string($dbc, trim($_POST['occ']));
$twitter = mysqli_real_escape_string($dbc, trim($_POST['twitter']));
$email = mysqli_real_escape_string($dbc, trim($_POST['email']));
$skype = mysqli_real_escape_string($dbc, trim($_POST['skype']));
$topic1 = mysqli_real_escape_string($dbc, trim($_POST['topic1']));
$topic2 = mysqli_real_escape_string($dbc, trim($_POST['topic2']));
$topic3 = mysqli_real_escape_string($dbc, trim($_POST['topic3']));
$avoid1 = mysqli_real_escape_string($dbc, trim($_POST['avoid1']));
$avoid2 = mysqli_real_escape_string($dbc, trim($_POST['avoid2']));
$avoid3 = mysqli_real_escape_string($dbc, trim($_POST['avoid3']));
$cr = mysqli_real_escape_string($dbc, trim($_POST['cr']));
if ((!empty($fname)) && (!empty($sname)) && (!empty($email)) && (!empty($topic1))) {
$dbc = mysqli_connect('host', 'user', 'password', 'database') or die('Error connecting to MySQL server');
$query = "INSERT INTO initial_details (fname, sname, occ, twitter, email, skype, topic1, topic2, topic3, avoid1, avoid2, avoid3, cr) VALUES ('$fname', '$sname', '$occ', '$twitter', '$email', '$skype', '$topic1', '$topic2', '$topic3', '$avoid1', '$avoid2', '$avoid3', '$cr')";
$result = mysqli_query($dbc, $query);
if (!$result) {
mysqli_close($dbc);
echo 'Duplicate';
} else {
mysqli_close($dbc);
echo 'Success - entry added';
}
} else {
echo 'Error';
}
?>
Using the code as above I get the 'Error' message, however if I remove mysqli_real_escape_string()
and just use trim
I am able to insert my entry successfully. 使用上面的代码,我会收到“错误”消息,但是,如果删除
mysqli_real_escape_string()
并仅使用trim
可以成功插入条目。
Why am I not able to use mysqli_real_escape_string()
in this scenario? 为什么在这种情况下我不能使用
mysqli_real_escape_string()
?
$dbc = mysqli_connect
must precede all the mysqli_real_escape_string
calls to make it work. $dbc = mysqli_connect
必须在所有mysqli_real_escape_string
调用之前,才能使其正常工作。 This is because you need an active mysqli connection to use that function. 这是因为您需要活动的mysqli连接才能使用该功能。
You have to connect to your database first. 您必须先连接到数据库。
Turning on error reporting also helps. 打开错误报告也有帮助。
$dbc = mysqli_connect
must precede all the mysqli_real_escape_string
calls to make it work. $dbc = mysqli_connect
必须在所有mysqli_real_escape_string
调用之前,才能使其正常工作。 This is because you need an active mysqli connection to use that function. 这是因为您需要活动的mysqli连接才能使用该功能。 What does this one means.
这是什么意思。 Need it more detailed?
需要更详细吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.