function.mysql-real-escape-string.html

来自「php的帮助文档,涉及到PHP的案例和基本语法,以及实际应用内容」· HTML 代码 · 共 211 行 · 第 1/2 页

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <title>Escapes special characters in a string for use in a SQL statement</title>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
 </head>
 <body><div style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="function.mysql-query.html">mysql_query</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="function.mysql-result.html">mysql_result</a></div>
 <div class="up"><a href="ref.mysql.html">MySQL Functions</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="function.mysql-real-escape-string" class="refentry">
 <div class="refnamediv">
  <h1 class="refname">mysql_real_escape_string</h1>
  <p class="verinfo">(PHP 4 &gt;= 4.3.0, PHP 5, PECL mysql:1.0)</p><p class="refpurpose"><span class="refname">mysql_real_escape_string</span> &mdash; <span class="dc-title">Escapes special characters in a string for use in a SQL statement</span></p>

 </div>

 <div class="refsect1 description">
  <h3 class="title">Description</h3>
  <div class="methodsynopsis dc-description">
   <span class="type">string</span> <span class="methodname"><b><b>mysql_real_escape_string</b></b></span>
    ( <span class="methodparam"><span class="type">string</span> <tt class="parameter">$unescaped_string</tt></span>
   [, <span class="methodparam"><span class="type">resource</span> <tt class="parameter">$link_identifier</tt></span>
  ] )</div>

  <p class="para rdfs-comment">
   Escapes special characters in the <i><tt class="parameter">unescaped_string</tt></i>
, 
   taking into account the current character set of the connection so that it 
   is safe to place it in a <a href="function.mysql-query.html" class="function">mysql_query()</a>. If binary data 
   is to be inserted, this function must be used.
  </p>
  <p class="para">
   <b>mysql_real_escape_string()</b> calls MySQL&#039;s library function
   mysql_real_escape_string, which prepends backslashes to the following characters:
   <i>\x00</i>, <i>\n</i>,
   <i>\r</i>, <i>\</i>, <i>&#039;</i>,
   <i>&quot;</i> and <i>\x1a</i>.
  </p>
  <p class="para">
   This function must always (with few exceptions) be used to make data
   safe before sending a query to MySQL.
  </p>
 </div>


 <div class="refsect1 parameters">
  <h3 class="title">Parameters</h3>
  <p class="para">
   <dl>

    <dt>

     <span class="term"><i><tt class="parameter">unescaped_string</tt></i>
</span>

     <dd>

      <p class="para">
       The string that is to be escaped.
      </p>
     </dd>

    </dt>

    <dt>
<span class="term"><i><tt class="parameter">
link_identifier</tt></i>
</span>
<dd>
<p class="para">The MySQL connection. If the 
link identifier is not specified, the last link opened by 
<a href="function.mysql-connect.html" class="function">mysql_connect()</a> is assumed. If no such link is found, it
will try to create one as if <a href="function.mysql-connect.html" class="function">mysql_connect()</a> was called
with no arguments. If by chance no connection is found or established, an
<b><tt>E_WARNING</tt></b> level error is generated.</p></dd>

</dt>

   </dl>

  </p>
 </div>


 <div class="refsect1 returnvalues">
  <h3 class="title">Return Values</h3>
  <p class="para">
   Returns the escaped string, or <b><tt>FALSE</tt></b> on error.
  </p>
 </div>


 <div class="refsect1 examples">
  <h3 class="title">Examples</h3>
  <p class="para">
   <div class="example">
    <p><b>Example #1 Simple <b>mysql_real_escape_string()</b> example</b></p>
    <div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br /></span><span style="color: #FF8000">//&nbsp;Connect<br /></span><span style="color: #0000BB">$link&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">mysql_connect</span><span style="color: #007700">(</span><span style="color: #DD0000">'mysql_host'</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">'mysql_user'</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">'mysql_password'</span><span style="color: #007700">)<br />&nbsp;&nbsp;&nbsp;&nbsp;OR&nbsp;die(</span><span style="color: #0000BB">mysql_error</span><span style="color: #007700">());<br /><br /></span><span style="color: #FF8000">//&nbsp;Query<br /></span><span style="color: #0000BB">$query&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">sprintf</span><span style="color: #007700">(</span><span style="color: #DD0000">"SELECT&nbsp;*&nbsp;FROM&nbsp;users&nbsp;WHERE&nbsp;user='%s'&nbsp;AND&nbsp;password='%s'"</span><span style="color: #007700">,<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">mysql_real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$user</span><span style="color: #007700">),<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span style="color: #0000BB">mysql_real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$password</span><span style="color: #007700">));<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
    </div>