$ _GET或转义字符串是不可预测的。 请解释?
问题描述:
i simply pass 3 values to the URL and while testing i was trying to echo them back to the screen but it will only echo each value once even though i have set it to echo at various points. once i escape the value it wont let me echo it. Why is this?
<?php
session_start();
if (isset($_SESSION['SESSION_C']) && ($_SESSION['SESSION_C']==true))
{
$getyear = $_GET["Year"];
echo $getyear; (IT WILL ECHO AT THIS POINT)
$getyear = mysql_real_escape_string($getyear);
echo $getyear; (BUT WONT ECHO HERE)
$getsite = $_GET["Site"];
echo $getsite;
$getsite = mysql_real_escape_string($getsite);
echo $getsite;
$getsite = str_replace(' ', '', $getsite);
echo $getsite;
$getdoc = $_GET["Doc"];
echo $getdoc;
$getdoc = mysql_real_escape_string($getdoc);
echo $getdoc;
}
else
{
echo "sessionerror";
}
?>
我只是将3个值传递给URL,而测试时我试图将它们回显到屏幕但它会 即使我已将其设置为在各个点回显,也只回显每个值一次。 一旦我逃脱了价值,它就不会让我回应它。 这是为什么? p>
&lt;?php
session_start();
if(isset($ _ SESSION ['SESSION_C'])&amp;&amp;($ _SESSION [ 'SESSION_C'] == true))
{
$ getyear = $ _GET [“Year”];
echo $ getyear; (它将在这一点上回应)
$ getyear = mysql_real_escape_string($ getyear);
echo $ getyear; (但是这里有回声)
$ getsite = $ _GET [“Site”];
echo $ getsite;
$ getsite = mysql_real_escape_string($ getsite);
echo $ getsite;
$ getsite = str_replace ('','',$ getite);
echo $ getsite;
$ getdoc = $ _GET [“Doc”];
echo $ getdoc;
$ getdoc = mysql_real_escape_string($ getdoc); \ n echo $ getdoc;
}
else
{
echo“sessionerror”;
}
?&gt;
code> pre>
div>
答
mysql_real_escape_string() requires a open connection to mysql. Otherwise it will return false. I guess var_dump($getdoc); will give you boolean(false).
You'll have to call mysql_connect() before that code.