real_escape_string
轉義字符串中的特殊字符以用於SQL 語句。
中文(繁體)
中文(繁體)
real_escape_string() / mysqli_real_escape_string()函數轉義字符串中的特殊字符,以便在SQL 查詢中使用,同時考慮連接的當前字符集。
此函數用於創建可在SQL 語句中使用的合法SQL 字符串。假設我們有以下代碼:
<?php
$lastname = "D'Ore" ;
$sql = "INSERT INTO Persons (LastName) VALUES (' $lastname ')" ;
// 此查詢將失敗,因為我們沒有轉義$lastname
if ( ! $mysqli -> query ( $sql ) ) {
printf ( "%d Row inserted.\n" , $mysqli -> affected_rows ) ;
}
?>
轉義字符串中的特殊字符:
<?php
$mysqli = new mysqli ( "localhost" , "my_user" , "my_password" , "my_db" ) ;
if ( $mysqli -> connect_errno ) {
echo "Failed to connect to MySQL: " . $mysqli -> connect_error ;
exit ( ) ;
}
// 轉義特殊字符(如果有)
$firstname = $mysqli -> real_escape_string ( $_POST [ 'firstname' ] ) ;
$lastname = $mysqli -> real_escape_string ( $_POST [ 'lastname' ] ) ;
$age = $mysqli -> real_escape_string ( $_POST [ 'age' ] ) ;
$sql = "INSERT INTO Persons (FirstName, LastName, Age) VALUES (' $firstname ', ' $lastname ', ' $age ')" ;
if ( ! $mysqli -> query ( $sql ) ) {
printf ( "%d Row inserted.\n" , $mysqli -> affected_rows ) ;
}
$mysqli -> close ( ) ;
?>
轉義字符串中的特殊字符:
<?php
$con = mysqli_connect ( "localhost" , "my_user" , "my_password" , "my_db" ) ;
if ( mysqli_connect_errno ( ) ) {
echo "Failed to connect to MySQL: " . mysqli_connect_error ( ) ;
exit ( ) ;
}
// 轉義特殊字符(如果有)
$firstname = mysqli_real_escape_string ( $con , $_POST [ 'firstname' ] ) ;
$lastname = mysqli_real_escape_string ( $con , $_POST [ 'lastname' ] ) ;
$age = mysqli_real_escape_string ( $con , $_POST [ 'age' ] ) ;
$sql = "INSERT INTO Persons (FirstName, LastName, Age) VALUES (' $firstname ', ' $lastname ', ' $age ')" ;
if ( ! mysqli_query ( $con , $sql ) ) {
printf ( "%d Row inserted.\n" , mysqli_affected_rows ( $con ) ) ;
}
mysqli_close ( $con ) ;
?>
ftp_alloc
mysql_client_encoding
mysql_field_len
saveXML
mysql_get_client_info
mysqli::connect
jdtogregorian
mysql_errno
