mysqli_real_escape_string无法正常工作 [英] mysqli_real_escape_string not working correctly

问题描述

在进行MySQL INSERT查询之前，我试图同时使用mysqli_real_escape_string和trim.我的代码如下:

I am trying to use both mysqli_real_escape_string and trim together before making a MySQL INSERT query. My code is as follows:

<?php
$fname = mysqli_real_escape_string($dbc, trim($_POST['fname']));
$sname = mysqli_real_escape_string($dbc, trim($_POST['sname']));
$occ = mysqli_real_escape_string($dbc, trim($_POST['occ']));
$twitter = mysqli_real_escape_string($dbc, trim($_POST['twitter']));
$email = mysqli_real_escape_string($dbc, trim($_POST['email']));
$skype = mysqli_real_escape_string($dbc, trim($_POST['skype']));
$topic1 = mysqli_real_escape_string($dbc, trim($_POST['topic1']));
$topic2 = mysqli_real_escape_string($dbc, trim($_POST['topic2']));
$topic3 = mysqli_real_escape_string($dbc, trim($_POST['topic3']));
$avoid1 = mysqli_real_escape_string($dbc, trim($_POST['avoid1']));
$avoid2 = mysqli_real_escape_string($dbc, trim($_POST['avoid2']));
$avoid3 = mysqli_real_escape_string($dbc, trim($_POST['avoid3']));
$cr = mysqli_real_escape_string($dbc, trim($_POST['cr']));

if ((!empty($fname)) && (!empty($sname)) && (!empty($email)) && (!empty($topic1))) {
    $dbc = mysqli_connect('host', 'user', 'password', 'database') or die('Error connecting to MySQL server');
    $query = "INSERT INTO initial_details (fname, sname, occ, twitter, email, skype, topic1, topic2, topic3, avoid1, avoid2, avoid3, cr) VALUES ('$fname', '$sname', '$occ', '$twitter', '$email', '$skype', '$topic1', '$topic2', '$topic3', '$avoid1', '$avoid2', '$avoid3', '$cr')";
    $result = mysqli_query($dbc, $query);
    if (!$result) {
        mysqli_close($dbc);
        echo 'Duplicate';
    } else {
        mysqli_close($dbc);
        echo 'Success - entry added';
    }
} else {
    echo 'Error';
}   
?>

使用上面的代码，我会收到错误"消息，但是，如果删除mysqli_real_escape_string()并仅使用trim，则可以成功插入条目.

Using the code as above I get the 'Error' message, however if I remove mysqli_real_escape_string() and just use trim I am able to insert my entry successfully.

为什么在这种情况下我不能使用mysqli_real_escape_string()?

Why am I not able to use mysqli_real_escape_string() in this scenario?

推荐答案

$dbc = mysqli_connect必须在所有mysqli_real_escape_string调用之前，以使其起作用.这是因为您需要活动的mysqli连接才能使用该功能.

$dbc = mysqli_connect must precede all the mysqli_real_escape_string calls to make it work. This is because you need an active mysqli connection to use that function.

这篇关于mysqli_real_escape_string无法正常工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！