[英]mysqli_real_escape_string not working?
if($_SESSION['s_logged_n'] == 'true'){
$server = $panel->real_escape_string($_GET['ip']);
$dn = $panel->real_escape_string($_GET['newname']);
$query = $panel->query(
"UPDATE `Registered` SET `displayname` = '$dn' WHERE `owner`='".$_SESSION['s_username']."' AND `server`='$server'"
);
}
Above is the code that I am using. 上面是我正在使用的代码。 $panel is a connection to the database, which works. $ panel是到数据库的连接,可以正常工作。 I've been banging my head for hours working with this stuff in order to try and escape the quotes. 我一直在努力工作几个小时,以尝试避免引用。
You are not using mysqli_real_escape_string
you are using the method real_escape_string
that belongs to the objects $panel
now if that is just another name for mysqli_real_escape_string
then it is not used to "strip" quotes, it is used to make a legal SQL query. 您没有使用mysqli_real_escape_string
,而是使用了属于对象$panel
real_escape_string
方法,如果这只是mysqli_real_escape_string
另一个名称,那么它不用于“带状”引号,它用于进行合法的SQL查询。 Quotes are not an illegal entity. 报价不是非法实体。 I would suggest simply str_replace()
if you want to specifically target quotations. 如果您要专门针对引用,我建议只使用str_replace()
。
EDIT 编辑
jeroen beat me in the comments :p jeroen在评论中击败了我:p
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.