mysql_real_escape_string() 完全删除字符串
我转义了从 php 表单收到的所有字符串参数,如下所示:
$usr_name = mysql_real_escape_string($_REQUEST['usr_name']);
以避免 SQL 注入的一些问题。 但是当我从函数中返回字符串时,我什么也没有得到。
另外,我在 PHP 日志中不断收到这个奇怪的警告:
PHP Warning: mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in /hermes/bosweb/web279/b2798/ipw.bankingforms/public_html/formAckResponse_controller.php on line 39
主机使用:PHP 版本 4.4.7
I'm escaping all the string parameters I receive from a php form like this:
$usr_name = mysql_real_escape_string($_REQUEST['usr_name']);
to avoid a few problems with SQL Injection. But when I my string back from the function, I end up with nothing.
Also I keep getting this weird warning in my PHP log:
PHP Warning: mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in /hermes/bosweb/web279/b2798/ipw.bankingforms/public_html/formAckResponse_controller.php on line 39
The host uses: PHP Version 4.4.7
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
来自 PHP.net:
换句话说,您需要先通过
mysql_connect()或mysql_pconnect()连接到 MySQL 数据库,然后才能使用此函数。From PHP.net:
In other words, you will have needed to connect to the MySQL database through
mysql_connect()ormysql_pconnect()before you can use this function.