mysql_real_escape_string()完全删除字符串 [英] mysql_real_escape_string() completely removes string

问题描述

我正在转义从php表单中收到的所有字符串参数，如下所示:

I'm escaping all the string parameters I receive from a php form like this:

$usr_name = mysql_real_escape_string($_REQUEST['usr_name']);

以避免SQL注入的一些问题.但是，当我从函数返回字符串时，我一无所有.

to avoid a few problems with SQL Injection. But when I my string back from the function, I end up with nothing.

我还在我的PHP日志中不断收到这个奇怪的警告:

Also I keep getting this weird warning in my PHP log:

PHP Warning:  mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in /hermes/bosweb/web279/b2798/ipw.bankingforms/public_html/formAckResponse_controller.php on line 39

主机使用:PHP版本4.4.7

The host uses: PHP Version 4.4.7

推荐答案

来自 PHP.net :

注意:需要MySQL连接 使用之前 mysql_real_escape_string()否则 级别E_WARNING的错误是 生成，并返回FALSE.如果 link_identifier未定义， 最后一个MySQL连接被使用.

Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.

换句话说，在使用此功能之前，您将需要通过mysql_connect()或mysql_pconnect()连接到MySQL数据库.

In other words, you will have needed to connect to the MySQL database through mysql_connect() or mysql_pconnect() before you can use this function.

这篇关于mysql_real_escape_string()完全删除字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！