-4
我尝试使用此函数停止SQL_injection。但我不知道为什么我会得到这个错误?试图解决mysqli_real_escape_string错误
define('DB_HOST', 'localhost');
define('DB_USER', 'root');
define('DB_PASSWORD', '');
define('DB_DATABASE', 'cms');
$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE);
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
mysqli_query($link, "SET NAMES 'utf8';");
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysqli_real_escape_string($link, $str);
}
$SmjestajGPS = clean($_POST['SmjestajGPS']);
我得到这个错误:
Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /home/ninpriva/public_html/admin/smjestaj-obrada.php on line 17
OK
但是,当我走这条路我没有错误:
$SmjestajGPS = mysqli_real_escape_string($link, $_POST['SmjestajGPS']);
恭喜!你设法问了Stack overflow最流行的问题之一! –
难道你不会在函数范围内得到关于'$ link'未定义的通知吗? – mario
__变量作用域__ –