[英]mysqli_real_escape_string not working properly
I've searched and yet nothing I find seems to work. 我进行了搜索,但似乎找不到任何工作。
My problem is that when using special characters as ' the input query breaks. 我的问题是,当使用特殊字符作为'时,输入查询会中断。 Now, I tried using the mysqli_real_escape_string on my string, but this returns a blank value. 现在,我尝试在字符串上使用mysqli_real_escape_string,但这将返回一个空值。 I read that the mysqli_real_escape_string should be placed AFTER the database connection, and as far as I know, that is what I have done, yet it returns blank values. 我读到mysqli_real_escape_string应该放在数据库连接之后,据我所知,那是我所做的,但是它返回空值。
Here's the code: 这是代码:
<?php
session_start();
if (isset($_POST['submit'])) {
require_once 'connect.php';
$title = mysqli_real_escape_string($_POST['title']);
$article = mysqli_real_escape_string($_POST['article']);
$query = "INSERT INTO Articles
(Title, content)
VALUES
('$title', '$article')";
$result = mysqli_query($connect, $query) or die('could not query database');
$_SESSION['artcle'] = 1;
$_SESSION['artcle'] = $title;
mysqli_close($connect);
header('Location: CENSORED');
}
?>
You forgot your resource parameter: 您忘记了资源参数:
$title = mysqli_real_escape_string($connect, $_POST['title']);
要么
$title = $connect->real_escape_string($_POST['title']);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.