1. 首頁
  2. 問答
  3. 試圖解決mysqli_real_escape_string錯誤

試圖解決mysqli_real_escape_string錯誤

2014-02-07 57 views
-4

我嘗試使用此函數停止SQL_injection。但我不知道爲什麼我會得到這個錯誤?試圖解決mysqli_real_escape_string錯誤

define('DB_HOST', 'localhost'); 
define('DB_USER', 'root'); 
define('DB_PASSWORD', ''); 
define('DB_DATABASE', 'cms'); 

$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE); 
if (mysqli_connect_errno()){ 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} 
mysqli_query($link, "SET NAMES 'utf8';"); 

function clean($str) { 
$str = @trim($str); 
if(get_magic_quotes_gpc()) { 
    $str = stripslashes($str); 
} 
return mysqli_real_escape_string($link, $str); 
} 

$SmjestajGPS = clean($_POST['SmjestajGPS']);

我得到這個錯誤:

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /home/ninpriva/public_html/admin/smjestaj-obrada.php on line 17 
OK

但是,當我走這條路我沒有錯誤:

$SmjestajGPS = mysqli_real_escape_string($link, $_POST['SmjestajGPS']);

來源

2014-02-07 Akul Von Itram

+2

恭喜!你設法問了Stack overflow最流行的問題之一! –

+0

難道你不會在函數範圍內得到關於'$ link'未定義的通知嗎? – mario

+1

__變量作用域__ –

回答

0

清潔應該被改寫成這樣:

function clean($link, $str) { 
    $str = trim($str); 
    if (get_magic_quotes_gpc()) { 
     $str = stripslashes($str); 
    } 
    return mysqli_real_escape_string($link, $str); 
} 

$SmjestajGPS = clean($link, $_POST['SmjestajGPS']);

來源

2014-02-07 23:03:08 Tim

+0

謝謝,它現在工作正常! –

相關問題

 相關問題