![](/img/trans.png)
[英]For PHP function mysqli_real_escape_string(), what is the purpose of $link?
[英]What can I use in php instead of (mysqli_real_escape_string)
我已经使用oci_connect
连接到oracle并收到以下错误消息:
警告:mysqli_real_escape_string()期望参数1为mysqli,资源在
所以我试图更改mysqli_real_escape_string()
以与oci一起使用...
这是我的代码:
$condition = '';
$query = explode(" ", $_GET["search"]);
foreach($query as $text)
{
$condition .= "VIDEO_TITLE LIKE '%".mysqli_real_escape_string($connect, $text)."%' OR ";
}
$condition = substr($condition, 0, -4);
$sql_query = "SELECT * FROM TBL_VIDEO WHERE " . $condition;
$result = oci_parse($connect, $sql_query);
oci_execute($result);
if(oci_num_rows($result) > 0)
我使用以下功能。 大多数人肯定会首选准备好的语句,但这是一个很好的选择:
<?php
function mysql_escape_mimic($inp) {
if(is_array($inp))
return array_map(__METHOD__, $inp);
if(!empty($inp) && is_string($inp)) {
return str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $inp);
}
return $inp;
}
因此,您将替换以下行:
$condition .= "VIDEO_TITLE LIKE '%".mysqli_real_escape_string($connect, $text)."%' OR ";
与:
$condition .= "VIDEO_TITLE LIKE '%".mysql_escape_mimic($connect, $text)."%' OR ";
我从这里借来的: http : //php.net/manual/en/function.mysql-real-escape-string.php#101248
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.