<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html> <head> <title>Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body><div style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="mysqli.real-connect.html">mysqli::real_connect</a></div> <div class="next" style="text-align: right; float: right;"><a href="mysqli.real-query.html">mysqli::real_query</a></div> <div class="up"><a href="class.mysqli.html">MySQLi</a></div> <div class="home"><a href="index.html">PHP Manual</a></div></div><hr /><div id="mysqli.real-escape-string" class="refentry"> <div class="refnamediv"> <h1 class="refname">mysqli::real_escape_string</h1> <h1 class="refname">mysqli_real_escape_string</h1> <p class="verinfo">(PHP 5)</p><p class="refpurpose"><span class="refname">mysqli::real_escape_string</span> -- <span class="refname">mysqli_real_escape_string</span> — <span class="dc-title">Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection</span></p> </div> <div class="refsect1 description"> <h3 class="title">Description</h3> <p class="para">Object oriented style (both methods are equivalent):</p> <div class="methodsynopsis dc-description"> <span class="type">string</span> <span class="methodname"><b><a href="function.mysqli-escape-string.html" class="function">mysqli::escape_string</a></b></span> ( <span class="methodparam"><span class="type">string</span> <tt class="parameter">$escapestr</tt></span> )</div> <div class="methodsynopsis dc-description"> <span class="type">string</span> <span class="methodname"><b><b>real_escape_string</b></b></span> ( <span class="methodparam"><span class="type">string</span> <tt class="parameter">$escapestr</tt></span> )</div> <p class="para 
rdfs-comment">Procedural style:</p> <div class="methodsynopsis dc-description"> <span class="type">string</span> <span class="methodname"><b><b>mysqli_real_escape_string</b></b></span> ( <span class="methodparam"><span class="type"><a href="class.mysqli.html" class="type mysqli">mysqli</a></span> <tt class="parameter">$link</tt></span> , <span class="methodparam"><span class="type">string</span> <tt class="parameter">$escapestr</tt></span> )</div> <p class="para rdfs-comment"> This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection. </p> </div> <div class="refsect1 parameters"> <h3 class="title">Parameters</h3> <p class="para"> <dl> <dt><span class="term"><i><tt class="parameter">link</tt></i></span><dd><p class="para">Procedural style only: A link identifier returned by <a href="mysqli.connect.html" class="function">mysqli_connect()</a> or <a href="mysqli.init.html" class="function">mysqli_init()</a></p></dd></dt> <dt> <span class="term"><i><tt class="parameter">escapestr</tt></i></span> <dd> <p class="para"> The string to be escaped. </p> <p class="para"> Characters encoded are <i>NUL (ASCII 0), \n, \r, \, ', ", and Control-Z</i>. </p> </dd> </dt> </dl> </p> </div> <div class="refsect1 returnvalues"> <h3 class="title">Return Values</h3> <p class="para"> Returns an escaped string. 
</p> </div> <div class="refsect1 examples"> <h3 class="title">Examples</h3> <div class="example"> <p><b>Example #1 Object oriented style</b></p> <div class="example-contents"><div class="phpcode"><code><span style="color: #000000"><span style="color: #0000BB">&lt;?php<br />$mysqli </span><span style="color: #007700">= new </span><span style="color: #0000BB">mysqli</span><span style="color: #007700">(</span><span style="color: #DD0000">"localhost"</span><span style="color: #007700">, </span><span style="color: #DD0000">"my_user"</span><span style="color: #007700">, </span><span style="color: #DD0000">"my_password"</span><span style="color: #007700">, </span><span style="color: #DD0000">"world"</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/* check connection */<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">mysqli_connect_errno</span><span style="color: #007700">()) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Connect failed: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">mysqli_connect_error</span><span style="color: #007700">());<br /> exit();<br />}<br /><br /></span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-></span><span style="color: #0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"CREATE TEMPORARY TABLE myCity LIKE City"</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$city </span><span style="color: #007700">= </span><span style="color: #DD0000">"'s Hertogenbosch"</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">/* this query will fail, cause we didn't escape $city */<br /></span><span style="color: #007700">if (!</span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-></span><span style="color: 
#0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"INSERT into myCity (Name) VALUES ('$city')"</span><span style="color: #007700">)) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Error: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-></span><span style="color: #0000BB">sqlstate</span><span style="color: #007700">);<br />}<br /><br /></span><span style="color: #0000BB">$city </span><span style="color: #007700">= </span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-></span><span style="color: #0000BB">real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$city</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/* this query with escaped $city will work */<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-></span><span style="color: #0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"INSERT into myCity (Name) VALUES ('$city')"</span><span style="color: #007700">)) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"%d Row inserted.\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-></span><span style="color: #0000BB">affected_rows</span><span style="color: #007700">);<br />}<br /><br /></span><span style="color: #0000BB">$mysqli</span><span style="color: #007700">-></span><span style="color: #0000BB">close</span><span style="color: #007700">();<br /></span><span style="color: #0000BB">?></span></span></code></div> </div> </div> <div class="example"> <p><b>Example #2 Procedural style</b></p> <div class="example-contents"><div 
class="phpcode"><code><span style="color: #000000"><span style="color: #0000BB">&lt;?php<br />$link </span><span style="color: #007700">= </span><span style="color: #0000BB">mysqli_connect</span><span style="color: #007700">(</span><span style="color: #DD0000">"localhost"</span><span style="color: #007700">, </span><span style="color: #DD0000">"my_user"</span><span style="color: #007700">, </span><span style="color: #DD0000">"my_password"</span><span style="color: #007700">, </span><span style="color: #DD0000">"world"</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/* check connection */<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">mysqli_connect_errno</span><span style="color: #007700">()) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Connect failed: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">mysqli_connect_error</span><span style="color: #007700">());<br /> exit();<br />}<br /><br /></span><span style="color: #0000BB">mysqli_query</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">, </span><span style="color: #DD0000">"CREATE TEMPORARY TABLE myCity LIKE City"</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$city </span><span style="color: #007700">= </span><span style="color: #DD0000">"'s Hertogenbosch"</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">/* this query will fail, cause we didn't escape $city */<br /></span><span style="color: #007700">if (!</span><span style="color: #0000BB">mysqli_query</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">, </span><span style="color: #DD0000">"INSERT into myCity (Name) VALUES ('$city')"</span><span style="color: #007700">)) {<br /> </span><span 
style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"Error: %s\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">mysqli_sqlstate</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">));<br />}<br /><br /></span><span style="color: #0000BB">$city </span><span style="color: #007700">= </span><span style="color: #0000BB">mysqli_real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">, </span><span style="color: #0000BB">$city</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/* this query with escaped $city will work */<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">mysqli_query</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">, </span><span style="color: #DD0000">"INSERT into myCity (Name) VALUES ('$city')"</span><span style="color: #007700">)) {<br /> </span><span style="color: #0000BB">printf</span><span style="color: #007700">(</span><span style="color: #DD0000">"%d Row inserted.\n"</span><span style="color: #007700">, </span><span style="color: #0000BB">mysqli_affected_rows</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">));<br />}<br /><br /></span><span style="color: #0000BB">mysqli_close</span><span style="color: #007700">(</span><span style="color: #0000BB">$link</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?></span></span></code></div> </div> </div> <p class="para">The above example will output:</p> <div class="example-contents"><pre><div class="cdata"><pre>Error: 42000
1 Row inserted.</pre></div> </pre></div> </div> <div class="refsect1 seealso"> <h3 class="title">See Also</h3> <p class="para"> <ul class="simplelist"> <li 
class="member"><a href="mysqli.character-set-name.html" class="function" rel="rdfs-seeAlso">mysqli_character_set_name()</a></li> </ul> </p> </div></div><hr /><div style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="mysqli.real-connect.html">mysqli::real_connect</a></div> <div class="next" style="text-align: right; float: right;"><a href="mysqli.real-query.html">mysqli::real_query</a></div> <div class="up"><a href="class.mysqli.html">MySQLi</a></div> <div class="home"><a href="index.html">PHP Manual</a></div></div></body></html>
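Added example (not part of the PHP manual page): the escaping depends on the connection character set and is only safe inside a quoted string literal, so this sketch sets the charset through the API, escapes a constructed string containing every character listed under Parameters, and repeats the page's insert with a prepared statement. It assumes the same "world" sample database, credentials and myCity temporary table as the page's examples; "utf8mb4" is an assumed charset choice.

```php
<?php
// Added example; connection parameters and table are those of the page's examples.
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

// real_escape_string() uses the charset known to the client library, so set
// it with set_charset() (a "SET NAMES" query does not update that state).
if (!$mysqli->set_charset("utf8mb4")) {   // assumed charset choice
    printf("Error setting charset: %s\n", $mysqli->error);
    exit();
}
printf("Connection charset: %s\n", $mysqli->character_set_name());

$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");

// Constructed input with every character the page lists:
// NUL, \n, \r, \, ', " and Control-Z (0x1A).
$raw = "a\0b\nc\rd\\e'f\"g\x1ah";
$escaped = $mysqli->real_escape_string($raw);
printf("raw: %d bytes, escaped: %d bytes\n", strlen($raw), strlen($escaped));

// The escaped value is only safe when it is placed between quotes.
$city = $mysqli->real_escape_string("'s Hertogenbosch");
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted (escaped literal).\n", $mysqli->affected_rows);
}

// Same insert as a prepared statement: the value is sent separately from
// the SQL text, so neither escaping nor quoting is involved.
$name = "'s Hertogenbosch";
$stmt = $mysqli->prepare("INSERT into myCity (Name) VALUES (?)");
if ($stmt) {
    $stmt->bind_param("s", $name);
    $stmt->execute();
    printf("%d Row inserted (prepared statement).\n", $stmt->affected_rows);
    $stmt->close();
}

$mysqli->close();
?>
```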