
mysqli_real_escape_string


(PHP 5)

mysqli_real_escape_string

(no version information, might be only in CVS)

mysqli->real_escape_string -- Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection

Description

Procedural style:

string mysqli_real_escape_string (mysqli link, string escapestr)

Object oriented style (method):

class mysqli {
    string real_escape_string (string escapestr)
}

- This function is used to create a legal SQL string that you can use in a SQL statement. The string escapestr is encoded to an escaped SQL string, taking into account the current character set of the connection.

- Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z.

Return values

- Returns an escaped string.

See also

- mysqli_character_set_name().

Examples

Example 1. Object oriented style

<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");

$city = "'s Hertogenbosch";

/* this query will fail, because we didn't escape $city */
if (!$mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", $mysqli->sqlstate);
}

$city = $mysqli->real_escape_string($city);

/* this query with escaped $city will work */
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", $mysqli->affected_rows);
}

$mysqli->close();
?>

Example 2. Procedural style

<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");

$city = "'s Hertogenbosch";

/* this query will fail, because we didn't escape $city */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", mysqli_sqlstate($link));
}

$city = mysqli_real_escape_string($link, $city);

/* this query with escaped $city will work */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", mysqli_affected_rows($link));
}

mysqli_close($link);
?>

The above examples will output:

Error: 42000
1 Row inserted.
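
An added example, not part of the original manual page: it round-trips constructed strings containing each character the function encodes (NUL, \n, \r, \, ', ", Control-Z) through an escaped quoted literal and through a bound parameter, and checks that the stored value equals the original in both cases. It assumes the page's sample connection values and world database; the "utf8" charset and the stored_name() helper are choices made for this example.

```php
<?php
/* Added example: connection values are the page's sample ones. */
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

/* Set the charset through the API so the escaping routine knows it
   ("utf8" is an assumed choice for this example). */
$mysqli->set_charset("utf8");
printf("Connection charset: %s\n", $mysqli->character_set_name());

$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");

/* Constructed sample values covering every character the function encodes. */
$samples = array(
    "'s Hertogenbosch",
    "quote \" and backslash \\",
    "line1\nline2\rline3",
    "nul \0 and ctrl-z \x1a",
);

/* Hypothetical helper: read back one row. The id is cast to int because
   escaping only protects values placed inside a quoted string literal. */
function stored_name($mysqli, $id) {
    $res = $mysqli->query("SELECT Name FROM myCity WHERE ID = " . (int) $id);
    $row = $res->fetch_row();
    $res->close();
    return $row[0];
}

$stmt = $mysqli->prepare("INSERT INTO myCity (Name) VALUES (?)");
foreach ($samples as $city) {
    /* Path 1: escape, then put the result between single quotes. */
    $escaped = $mysqli->real_escape_string($city);
    $mysqli->query("INSERT INTO myCity (Name) VALUES ('$escaped')");
    $viaEscape = stored_name($mysqli, $mysqli->insert_id);

    /* Path 2: bound parameter, no escaping step. */
    $stmt->bind_param("s", $city);
    $stmt->execute();
    $viaBind = stored_name($mysqli, $stmt->insert_id);

    printf("%-30s escape:%s bind:%s\n", addcslashes($city, "\0..\37"),
        $viaEscape === $city ? "ok" : "MISMATCH",
        $viaBind === $city ? "ok" : "MISMATCH");
}
$stmt->close();
$mysqli->close();
?>
```

The escaped form exists only in the SQL text: the server stores the original bytes, so nothing needs to be unescaped when reading the value back.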
