如何在mysqli中转义字符串 [英] how to escape string in mysqli

问题描述

在旧的mysql()代码中，为转义字符串，我这样做:

In old mysql() code, to escape a string, I did this:

t.TeacherUsername = '".mysql_real_escape_string($teacherusername)."'

我正在将代码更改为mysqli，但是我想确定并且安全地在mysqli中转义字符串的内容如下所示:

I am changing my code to mysqli, but what I want to know for sure and to be safe, to escape a string in mysqli is it like this below:

t.TeacherUsername = '".mysqli_real_escape_string($teacherusername)."'

也可以连接到mysqli数据库，如下所示:

Also to connect to mysqli database is it like this below:

$username="xxx";
$password="xxx";
$database="xxx";

mysqli_connect('localhost',$username,$password);

mysqli_select_db($database) or die( "Unable to select database");

我所做的就是将mysql更改为mysqli，对吗?

All I have done is change mysql to mysqli, is that correct?

更新:

现在这是使用mysqli连接数据库的正确方法吗?

Is this now the correct way to connect to database using mysqli:

$username="xxx";
$password="xxx";
$database="mobile_app";

$mysqli = new mysqli("localhost", $username, $password, $database);

if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

推荐答案

您对该函数的使用不正确.

Your use of the function is incorrect.

您必须使用mysqli_connect返回的mysqli链接资源作为mysqli_real_escape_string的第一个参数.

You MUST use the mysqli link resource returned by mysqli_connect as the first parameter to mysqli_real_escape_string.

示例:

$username="xxx";
$password="xxx";
$database="xxx";

$my = mysqli_connect('localhost',$username,$password);

mysqli_select_db($my, $database) or die( "Unable to select database");

$t->TeacherUsername = "'" . mysqli_real_escape_string($my, $teacherusername). "'";

这篇关于如何在mysqli中转义字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！