添加mysql_real_escape_string()导致将空白值存储到数据库中 [英] Adding mysql_real_escape_string() causes blank values to be stored to database

问题描述

$submit=$_POST['submit'];
$fullname=$_POST['fullname'];
$phone=preg_replace('/[^0-9]/', '', $_POST['phone']);
$phone =  (int) $phone;
$adress=$_POST['city']  . ' ' .  $_POST['district'] . ' ' . $_POST['adress'];
$friends=$_POST['friends'];
$school=$_POST['school'];
$info=$_POST['info'];
$dob = $_POST['year']."-". $_POST['month']."-".$_POST['day'];

最近我已添加到我的页面:

Recently i added to my page:

foreach ($_POST as $key => $value) { 
$_POST[$key] = mysql_real_escape_string($value);
}   

我想在添加所有$ _POST的( http://prntscr.com/22uot )ID之前对其进行净化处理mysql_real_escape_string()到我的页面，id为22.我的页面将所有变量都放在db表的字段中，但是当我想在变量中添加mysql_real_escape_string()时，则不会在字段中放入任何内容.我不知道该怎么办.

i want to sanitize all $_POST's (http://prntscr.com/22uot) ID 20 before adding mysql_real_escape_string() to my page, id 22 after. My page puts all variables to db table's fields but when I want to add mysql_real_escape_string() to variable it puts nothing into the field. I dunno what to do.

推荐答案

手册(如有疑问，应首先浏览)

As clearly indicated in the manual (which is the first things you should browse, when in doubt):

之前需要MySQL连接 使用mysql_real_escape_string() 否则，级别为E_WARNING的错误 生成，并返回FALSE. 如果未定义link_identifier，则 最后一个MySQL连接被使用.

A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.

使用此功能之前，请确保已连接到数据库.

Be sure you've connect to your database before using this function.

$link = mysql_connect($dbhost,$dbuser,$dbpass);
mysql_select_db($dbname);

这篇关于添加mysql_real_escape_string()导致将空白值存储到数据库中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！