
mySQLI - problem with mysqli_real_escape_string

I have this code, and it works perfectly, but I want to make a simple modification

    <?php
    session_start();
    require 'includes/f_banco1.php';
    require '../PasswordHash.php';

    function checkBd($sql, $db, $user, $codePass) {
        $user = $_GET['userid']; //here
        $codePass = $_GET['code'];//here

        if (is_numeric($user)) {
            // Placeholders keep the request values out of the SQL text.
            $sql = $db->prepare("select userid, code from password_reset where userid=? and code=?");
            $sql->bind_param('ss', $user, $codePass);
            $sql->execute();
            $sql->bind_result($user, $codePass);

            if ($sql->fetch()) {
                $_SESSION['u_name'] = sha1($user);
                header("location: updatePass.php");
                return true;
            } else {
                echo "Não existe na BD";
                return false;
            }
        } else {
            echo "Erro";
        }
    }

    checkBd($sql, $db, $user, $codePass);

    ?>

I want to change these lines

    $user = $_GET['userid']; //here
    $codePass = $_GET['code'];//here

to

    $user = mysqli_real_escape_string($db, $_GET['userid']);
    $codePass = mysqli_real_escape_string($db, $_GET['code']);

but with this change the code simply stops working; an echo of $user doesn't show anything

Any idea?

Thanks

You do not need to do that. You are using prepared statements, which escape the variables automatically.

If you prepare your statement, you don't need to escape your string.

Note: Your database connection must be opened to use mysqli_real_escape_string()
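What the answers above describe, as an added example that is not part of the original thread: a bound parameter is compared as data, so escaping it first only changes the value being looked up. Assumptions: an in-memory SQLite database through PDO replaces the MySQL connection so the script runs without a server, `addslashes()` stands in for `mysqli_real_escape_string()`, and the function names and sample rows are constructed.

```php
<?php
// Added example, not code from the original post.
// Assumptions: in-memory SQLite via PDO instead of the MySQL connection;
// addslashes() stands in for mysqli_real_escape_string(); rows are constructed.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE password_reset (userid INTEGER, code TEXT)');
    $ins = $db->prepare('INSERT INTO password_reset (userid, code) VALUES (?, ?)');
    $ins->execute([42, "ab'cd"]);      // constructed reset code containing a quote
    $ins->execute([43, 'plaincode']);  // constructed reset code without one
    return $db;
}

// Same query shape as the question; both values travel as bound parameters.
function resetRowExists(PDO $db, string $user, string $code): bool
{
    if (!ctype_digit($user)) {  // digits only; stricter than is_numeric()
        return false;
    }
    $stmt = $db->prepare(
        'SELECT userid FROM password_reset WHERE userid = ? AND code = ?'
    );
    $stmt->execute([$user, $code]);
    return $stmt->fetchColumn() !== false;
}

$db = makeDb();

// Case 1: raw request value, bound as-is. The stored code is matched exactly.
var_dump(resetRowExists($db, '42', "ab'cd"));

// Case 2: value escaped first, then bound. The added backslash is now part of
// the data being compared, so a legitimate reset link stops working.
var_dump(resetRowExists($db, '42', addslashes("ab'cd")));

// Case 3: injection-shaped input. It is compared as one literal string and
// never reaches the SQL text, with no escaping involved.
var_dump(resetRowExists($db, '43', "x' OR '1'='1"));
```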
