mysqli_real_escape_string不起作用?
[英]mysqli_real_escape_string not working?
问题描述
if($_SESSION['s_logged_n'] == 'true'){
$server = $panel->real_escape_string($_GET['ip']);
$dn = $panel->real_escape_string($_GET['newname']);
$query = $panel->query(
"UPDATE `Registered` SET `displayname` = '$dn' WHERE `owner`='".$_SESSION['s_username']."' AND `server`='$server'"
);
}
Above is the code that I am using. 
上面是我正在使用的代码。 $panel is a connection to the database, which works. $ panel是到数据库的连接,可以正常工作。 I've been banging my head for hours working with this stuff in order to try and escape the quotes. 我一直在努力工作几个小时,以尝试避免引用。
1 个解决方案
解决方案1
0 已采纳 2013-01-27 02:25:02
You are not using mysqli_real_escape_string you are using the method real_escape_string that belongs to the objects $panel now if that is just another name for mysqli_real_escape_string then it is not used to "strip" quotes, it is used to make a legal SQL query. 您没有使用mysqli_real_escape_string ,而是使用了属于对象$panel real_escape_string方法,如果这只是mysqli_real_escape_string另一个名称,那么它不用于“带状”引号,它用于进行合法的SQL查询。 Quotes are not an illegal entity. 报价不是非法实体。 I would suggest simply str_replace() if you want to specifically target quotations. 如果您要专门针对引用,我建议只使用str_replace() 。
EDIT 编辑
jeroen beat me in the comments :p jeroen在评论中击败了我:p
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.