mySQLI-mysqli_real_escape_string的问题 [英] mySQLI - problem with mysqli_real_escape_string
本文介绍了mySQLI-mysqli_real_escape_string的问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有这段代码,并且工作正常,但是我想做一个简单的修改
I have this code, and works perfectly, but i want to make a simple modification
<?php session_start();
require 'includes/f_banco1.php';
require '../PasswordHash.php';
function checkBd($sql, $db, $user, $codePass) {
$user = $_GET['userid']; //here
$codePass = $_GET['code'];//here
if(is_numeric($user)) {
($sql = $db->prepare("select userid, code from password_reset where userid=? and code=?"));
$sql->bind_param('ss', $user, $codePass);
$sql->execute();
$sql->bind_result($user, $codePass);
if ($sql->fetch()) {
$_SESSION['u_name']= sha1($user);
header("location: updatePass.php");
return true;
}
else
echo "Não existe na BD";
return false;
}
else
echo "Erro";
}
checkBd ($sql, $db, $user, $codePass);
?>
我想更改这些行
$user = $_GET['userid']; //here
$codePass = $_GET['code'];//here
到
$user = mysqli_real_escape_string($db, $_GET['userid']);
$codePass = mysqli_real_escape_string($db, $_GET['code']);
但是通过此更改,代码简单地停止了工作,$ user的回显不显示任何内容
but with this change the code simple stops work, an echo of $user doesn't show nothing
有什么主意吗?
谢谢
推荐答案
您不需要这样做.您正在使用准备好的语句,这些语句将自动对变量进行转义.
You do not need to do that. You are using prepared statements, which escape the variables automatically.
这篇关于mySQLI-mysqli_real_escape_string的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文