1. 首页
  2. 问答
  3. 试图解决mysqli_real_escape_string错误

试图解决mysqli_real_escape_string错误

2014-02-07 111 views
-4

我尝试使用此函数停止SQL_injection。但我不知道为什么我会得到这个错误?试图解决mysqli_real_escape_string错误

define('DB_HOST', 'localhost'); 
define('DB_USER', 'root'); 
define('DB_PASSWORD', ''); 
define('DB_DATABASE', 'cms'); 

$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE); 
if (mysqli_connect_errno()){ 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} 
mysqli_query($link, "SET NAMES 'utf8';"); 

function clean($str) { 
$str = @trim($str); 
if(get_magic_quotes_gpc()) { 
    $str = stripslashes($str); 
} 
return mysqli_real_escape_string($link, $str); 
} 

$SmjestajGPS = clean($_POST['SmjestajGPS']);

我得到这个错误:

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in /home/ninpriva/public_html/admin/smjestaj-obrada.php on line 17 
OK

但是,当我走这条路我没有错误:

$SmjestajGPS = mysqli_real_escape_string($link, $_POST['SmjestajGPS']);

来源

2014-02-07 Akul Von Itram

+2

恭喜!你设法问了Stack overflow最流行的问题之一! –

+0

难道你不会在函数范围内得到关于'$ link'未定义的通知吗? – mario

+1

__变量作用域__ –

回答

0

清洁应该被改写成这样:

function clean($link, $str) { 
    $str = trim($str); 
    if (get_magic_quotes_gpc()) { 
     $str = stripslashes($str); 
    } 
    return mysqli_real_escape_string($link, $str); 
} 

$SmjestajGPS = clean($link, $_POST['SmjestajGPS']);

来源

2014-02-07 23:03:08 Tim

+0

谢谢,它现在工作正常! –

相关问题

 相关问题