mysqli_real_escape_string（）返回空字符串

Question

誰有這個解決方案？我從今天晚上突然藍屏錯誤后就遇到了這個問題。 我當時在用這個簡單的代碼在項目中實現會話，但有些成功，但是在神秘重啟之后，這件事變得很奇怪！

該代碼應該可以正常工作！！！

更新：照顧了一些小錯誤，並且現在可以完全操作了:)

    <?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
    if (empty($_POST['username']) || empty($_POST['password'])) {
        $error = "Username or Password is invalid";
        }
        else
        {
            // Define $username and $password
            $username=$_POST['username'];
            $password=$_POST['password'];
            // Establishing Connection with Server by passing server_name, user_id and password as a parameter
            $connection = mysqli_connect("localhost", "root", "root","company");// Selecting Database
            if (!$connection) {
                die("Connection failed: " . mysqli_connect_error());
                }
                // To protect MySQL injection for Security purpose
                //$username = stripslashes($username);
                //$password = stripslashes($password);

                $username = mysqli_real_escape_string($connection,$username);
                $password = mysqli_real_escape_string($connection,$password);



                // SQL query to fetch information of registerd users and finds user match.
                $query = "select * from login where password='$password' AND username='$username'";  

                //$query = "select * from login where password='".$password."' AND username='".$username."'";



                $result=mysqli_query($connection,$query);
                $rows = mysqli_num_rows($result);


                if ($rows == 1) {
                    $_SESSION['login_user']=$username; // Initializing Session
                    header("location: profile.php"); // Redirecting To Other Page
                    }
                    else {
                        $error = "Username or Password Invalid";
                        }
                        mysqli_close($connection); // Closing Connection
                        }
                        }
?>

輸出圖像（編輯前）-

Answer 1

mysqli_real_escape_string($username)缺少必需的參數

mysqli_real_escape_string()函數的用法如下：

$con=mysqli_connect("localhost","my_user","my_password","my_db");

// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// escape variables for security
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);

您必須添加$ connection（您的連接變量）。 這樣它就變成了： mysqli_real_escape_string($connection, $username)

http://www.w3schools.com/php/func_mysqli_real_escape_string.asp

Answer 2

這是我使用的轉義字符串

<?php
if (!function_exists('escapestring')) {

function escapestring($vconnection, $value, $datatype) { 

  $value = function_exists('mysqli_real_escape_string') ? mysqli_real_escape_string($vconnection, $value) : mysqli_escape_string($vconnection, $value);

  switch ($datatype) { 
    case 'text':
      $value = ($value != '') ? "'" . $value . "'" : "'na'";
      break;      
    case 'int':
      $value = ($value != '') ? intval($value) : "'na'";
      break;  
    case 'float':
      $value = ($value != '') ? floatval($value) : "'na'";
      break;
    case 'date':
      $value = ($value != '') ? "'" . $value . "'" : "'na'";
      break; 
    }
    return $value;
    }
}
?>

Answer 3

您的查詢未正確使用引號，它將使用'$password'和'$username' ，而不是它們的值，請將其更改為-

$query = "select * from login where password='".$password."' AND username='".$username."'";

代替這個

$query = "select * from login where password='$password' AND username='$username'";

再加上你需要使用mysqli_close()代替mysql_close()和mysqli_real_escape_string($connection, $username)由帕夫洛維奇的建議。