mysql_real_escape_string和array_map返回空字符串吗? [英] mysql_real_escape_string and array_map returns blank strings?

问题描述

我还没有学会如何使用参数化查询(根据本网站上的其他文章，明天早上我绝对需要做第一件事)，并且我想在查询中使用大量表单数据，逃脱了.

I haven't yet learned how to use parameterized queries (which according to some other posts on this site is something that I absolutely need to do first thing tomorrow morning) and I want to get a whack of form data into a query, escaped.

两次，我遇到了这个解决方案:

Twice, I have come across this solution:

$_POST = array_map('mysqli_real_escape_string', $_POST);

据我所知，这通过转义函数运行$ _POST数组中的所有变量.我已经看到 exact 行被提高了，但是当我将其添加到现有的PHP中时，它会创建一堆空白值.

This, from what I can tell, runs all of the variables in the $_POST array through the escape function. I have seen that exact line upvoted, but when I add it to my existing PHP it creates a bunch of blank values.

我的印象是mysqli_real_escape_string需要第二个参数-链接/连接.这是什么引起我的问​​题吗?如果删除该行，并且我的变量从$ _POST获取其未转义的值，则数据库中的数据就可以正常使用.

I was under the impression that mysqli_real_escape_string needed a 2nd parameter - the link/connection. Is this what's causing my problem? The data takes just fine in the database if that line is removed and my variables take their unescaped values from $_POST.

推荐答案

array_map返回新数组，如果要覆盖$_POST，更好的解决方案是使用array_walk.

array_map returns new array, if you're overwriting $_POST, better solution would be to use array_walk.

array_walk($_POST, function(&$string) use ($link) { 
  $string = mysqli_real_escape_string($link, $string);
});

请注意，$link必须是有效的连接.

Note that $link must be valid connection.

Function [ <internal:mysqli> function mysqli_real_escape_string ] {

  - Parameters [2] {
    Parameter #0 [ <required> $link ]
    Parameter #1 [ <required> $string_to_escape ]
  }
}

这篇关于mysql_real_escape_string和array_map返回空字符串吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！