-4
我嘗試使用此函數停止SQL_injection。但我不知道爲什麼我會得到這個錯誤?試圖解決mysqli_real_escape_string錯誤
define('DB_HOST', 'localhost');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_DATABASE', 'cms');
$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE);
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
mysqli_query($link, "SET NAMES 'utf8';");
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysqli_real_escape_string($link, $str);
}
$SmjestajGPS = clean($_POST['SmjestajGPS']);
我得到這個錯誤:
Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /home/ninpriva/public_html/admin/smjestaj-obrada.php on line 17
OK
但是,當我走這條路我沒有錯誤:
$SmjestajGPS = mysqli_real_escape_string($link, $_POST['SmjestajGPS']);
恭喜!你設法問了Stack overflow最流行的問題之一! –
難道你不會在函數範圍內得到關於'$ link'未定義的通知嗎? – mario
__變量作用域__ –