mysql_real_escape_string()完全删除字符串 [英] mysql_real_escape_string() completely removes string
问题描述
我正在转义从php表单中收到的所有字符串参数,如下所示:
I'm escaping all the string parameters I receive from a php form like this:
$usr_name = mysql_real_escape_string($_REQUEST['usr_name']);
以避免SQL注入的一些问题.但是,当我从函数返回字符串时,我一无所有.
to avoid a few problems with SQL Injection. But when I my string back from the function, I end up with nothing.
我还在我的PHP日志中不断收到这个奇怪的警告:
Also I keep getting this weird warning in my PHP log:
PHP Warning: mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in /hermes/bosweb/web279/b2798/ipw.bankingforms/public_html/formAckResponse_controller.php on line 39
主机使用:PHP版本4.4.7
The host uses: PHP Version 4.4.7
推荐答案
来自 PHP.net :
注意:需要MySQL连接 使用之前
mysql_real_escape_string()
否则 级别E_WARNING
的错误是 生成,并返回FALSE
.如果link_identifier
未定义, 最后一个MySQL连接被使用.
Note: A MySQL connection is required before using
mysql_real_escape_string()
otherwise an error of levelE_WARNING
is generated, andFALSE
is returned. Iflink_identifier
isn't defined, the last MySQL connection is used.
换句话说,在使用此功能之前,您将需要通过mysql_connect()
或mysql_pconnect()
连接到MySQL数据库.
In other words, you will have needed to connect to the MySQL database through mysql_connect()
or mysql_pconnect()
before you can use this function.
这篇关于mysql_real_escape_string()完全删除字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!