添加mysql_real_escape_string()导致将空白值存储到数据库中 [英] Adding mysql_real_escape_string() causes blank values to be stored to database
问题描述
$submit=$_POST['submit'];
$fullname=$_POST['fullname'];
$phone=preg_replace('/[^0-9]/', '', $_POST['phone']);
$phone = (int) $phone;
$adress=$_POST['city'] . ' ' . $_POST['district'] . ' ' . $_POST['adress'];
$friends=$_POST['friends'];
$school=$_POST['school'];
$info=$_POST['info'];
$dob = $_POST['year']."-". $_POST['month']."-".$_POST['day'];
最近我已添加到我的页面:
Recently i added to my page:
foreach ($_POST as $key => $value) {
$_POST[$key] = mysql_real_escape_string($value);
}
我想在添加所有$ _POST的( http://prntscr.com/22uot )ID之前对其进行净化处理mysql_real_escape_string()
到我的页面,id为22.我的页面将所有变量都放在db表的字段中,但是当我想在变量中添加mysql_real_escape_string()
时,则不会在字段中放入任何内容.我不知道该怎么办.
i want to sanitize all $_POST's (http://prntscr.com/22uot) ID 20 before adding mysql_real_escape_string()
to my page, id 22 after. My page puts all variables to db table's fields but when I want to add mysql_real_escape_string()
to variable it puts nothing into the field. I dunno what to do.
推荐答案
手册(如有疑问,应首先浏览)
As clearly indicated in the manual (which is the first things you should browse, when in doubt):
之前需要MySQL连接 使用mysql_real_escape_string() 否则,级别为E_WARNING的错误 生成,并返回FALSE. 如果未定义link_identifier,则 最后一个MySQL连接被使用.
A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.
使用此功能之前,请确保已连接到数据库.
Be sure you've connect to your database before using this function.
$link = mysql_connect($dbhost,$dbuser,$dbpass);
mysql_select_db($dbname);
这篇关于添加mysql_real_escape_string()导致将空白值存储到数据库中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!