mysql_real_escape_string() 只是生成一个空字符串?
我正在使用 jQuery AJAX 请求一个名为 like.php 的页面,该页面连接到我的数据库并插入一行。这是 like.php 代码:
<?php
// Some config stuff
define(DB_HOST, 'localhost');
define(DB_USER, 'root');
define(DB_PASS, '');
define(DB_NAME, 'quicklike');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die('ERROR: ' . mysql_error());
$sel = mysql_select_db(DB_NAME, $link) or die('ERROR: ' . mysql_error());
$likeMsg = mysql_real_escape_string(trim($_POST['likeMsg']));
$timeStamp = time();
if(empty($likeMsg))
die('ERROR: Message is empty');
$sql = "INSERT INTO `likes` (like_message, timestamp)
VALUES ('$likeMsg', $timeStamp)";
$result = mysql_query($sql, $link) or die('ERROR: ' . mysql_error());
echo mysql_insert_id();
mysql_close($link);
?>
有问题的行是 $likeMsg = mysql_real_escape_string(trim($_POST['likeMsg']));。它似乎只是返回一个空字符串,在我的数据库中,在 like_message 列下,我看到的都是空白条目。如果我删除 mysql_real_escape_string() ,它工作正常。
这是我的 jQuery 代码(如果有帮助的话)。
$('#like').bind('keydown', function(e) {
if(e.keyCode == 13) {
var likeMessage = $('#changer p').html();
if(likeMessage) {
$.ajax({
cache: false,
url: 'like.php',
type: 'POST',
data: { likeMsg: likeMessage },
success: function(data) {
$('#like').unbind();
writeLikeButton(data);
}
});
} else {
$('#button_container').html('');
}
}
});
所有这些 jQuery 代码都工作正常,我自己独立测试过。
非常感谢任何帮助,谢谢。
I am using a jQuery AJAX request to a page called like.php that connects to my database and inserts a row. This is the like.php code:
<?php
// Some config stuff
define(DB_HOST, 'localhost');
define(DB_USER, 'root');
define(DB_PASS, '');
define(DB_NAME, 'quicklike');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die('ERROR: ' . mysql_error());
$sel = mysql_select_db(DB_NAME, $link) or die('ERROR: ' . mysql_error());
$likeMsg = mysql_real_escape_string(trim($_POST['likeMsg']));
$timeStamp = time();
if(empty($likeMsg))
die('ERROR: Message is empty');
$sql = "INSERT INTO `likes` (like_message, timestamp)
VALUES ('$likeMsg', $timeStamp)";
$result = mysql_query($sql, $link) or die('ERROR: ' . mysql_error());
echo mysql_insert_id();
mysql_close($link);
?>
The problematic line is $likeMsg = mysql_real_escape_string(trim($_POST['likeMsg']));. It seems to just return an empty string, and in my database under the like_message column all I see is blank entries. If I remove mysql_real_escape_string() though, it works fine.
Here's my jQuery code if it helps.
$('#like').bind('keydown', function(e) {
if(e.keyCode == 13) {
var likeMessage = $('#changer p').html();
if(likeMessage) {
$.ajax({
cache: false,
url: 'like.php',
type: 'POST',
data: { likeMsg: likeMessage },
success: function(data) {
$('#like').unbind();
writeLikeButton(data);
}
});
} else {
$('#button_container').html('');
}
}
});
All this jQuery code works fine, I've tested it myself independently.
Any help is greatly appreciated, thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您是否 1000% 确定
$_POST["likeMsg"]实际上包含某些内容?至于
mysql_real_escape_string()返回空值,手册说只有可能发生这种情况的一种情况:但这里的情况似乎并非如此,因为您确实有一个打开的连接。奇怪的。
Are you 1000% sure that
$_POST["likeMsg"]actually contains something?As for
mysql_real_escape_string()returning an empty value, the manual says there is only one situation where that can happen:this doesn't seem to be the case here though, as you do have a connection open. Strange.
由于其他答案没有明确说明具体要做什么,这是我的:
当你这样做时,
你需要像这样转义:
注意:因为人们对此表示反对(WTF!?),这里是官方 php 手册的官方页面完全说明了我发布的内容:real_escape_string @ PHP 手册。
As the other answers don't make clear what exactly to do, here's my:
When you do
you need to escape like this:
NOTE: Because people are downvoting this (WTF!?), here's the official page of the official php manual that says EXACTLY what i have posted: real_escape_string @ PHP Manual.
对于现在可能再次发现此问题的人,我刚刚从 PHP5 迁移到 PHP7 时遇到了这个问题。我正在从
string mysql_real_escape_string(string $unescaped, [resource $link = NULL])
更改为:
string mysqli_real_escape_string(mysqli $link, string $escapestr)
所以,在换句话说,数据库 $link 不再是可选的,并且移动到第一个参数位置。如果省略,它会返回一个空字符串,显然不会出现错误。
For people who might be finding this again now, I just ran into this problem as I'm migrating from PHP5 to PHP7. I'm changing from
string mysql_real_escape_string(string $unescaped, [resource $link = NULL])to:
string mysqli_real_escape_string(mysqli $link, string $escapestr)So, in other words, the database $link is no longer optional and moves to the first argument position. If left out, it returns an empty string, without an error, apparently.
执行 $_POST['likeMsg'] 的 var_dump 和 $likeMsg 的 var_dump。这为您提供了有关问题所在的信息。
Do a var_dump of $_POST['likeMsg'], and a var_dump of $likeMsg. That gives you information on what goes wrong.
如果您尚未连接到数据库,mysql_real_escape_string() 将返回空白响应...
mysql_real_escape_string() will return blank response if you have not made connection to database ...