如何在mysqli中转义字符串
在旧的mysql()代码中,为转义字符串,我这样做:
In old mysql() code, to escape a string, I did this:
t.TeacherUsername = '".mysql_real_escape_string($teacherusername)."'
我正在将代码更改为mysqli,但是我想确定并且安全地在mysqli中转义字符串的内容如下所示:
I am changing my code to mysqli, but what I want to know for sure and to be safe, to escape a string in mysqli is it like this below:
t.TeacherUsername = '".mysqli_real_escape_string($teacherusername)."'
也可以连接到mysqli数据库,如下所示:
Also to connect to mysqli database is it like this below:
$username="xxx";
$password="xxx";
$database="xxx";
mysqli_connect('localhost',$username,$password);
mysqli_select_db($database) or die( "Unable to select database");
我所做的就是将mysql更改为mysqli,对吗?
All I have done is change mysql to mysqli, is that correct?
更新:
现在这是使用mysqli连接数据库的正确方法吗?
Is this now the correct way to connect to database using mysqli:
$username="xxx";
$password="xxx";
$database="mobile_app";
$mysqli = new mysqli("localhost", $username, $password, $database);
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
您对该函数的使用不正确.
Your use of the function is incorrect.
您必须使用mysqli_connect返回的mysqli链接资源作为mysqli_real_escape_string的第一个参数.
You MUST use the mysqli link resource returned by mysqli_connect as the first parameter to mysqli_real_escape_string.
示例:
$username="xxx";
$password="xxx";
$database="xxx";
$my = mysqli_connect('localhost',$username,$password);
mysqli_select_db($my, $database) or die( "Unable to select database");
$t->TeacherUsername = "'" . mysqli_real_escape_string($my, $teacherusername). "'";