I've searched and yet nothing I find seems to work.
My problem is that when using special characters as ' the input query breaks. Now, I tried using the mysqli_real_escape_string on my string, but this returns a blank value. I read that the mysqli_real_escape_string should be placed AFTER the database connection, and as far as I know, that is what I have done, yet it returns blank values.
Here's the code:
<?php
session_start();
if (isset($_POST['submit'])) {
require_once 'connect.php';
$title = mysqli_real_escape_string($_POST['title']);
$article = mysqli_real_escape_string($_POST['article']);
$query = "INSERT INTO Articles
(Title, content)
VALUES
('$title', '$article')";
$result = mysqli_query($connect, $query) or die('could not query database');
$_SESSION['artcle'] = 1;
$_SESSION['artcle'] = $title;
mysqli_close($connect);
header('Location: CENSORED');
}
?>
You forgot your resource parameter:
$title = mysqli_real_escape_string($connect, $_POST['title']);
要么
$title = $connect->real_escape_string($_POST['title']);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.