如何在 mysqli_real_escape_string 之间放置一个值
how to put a VALUE between mysqli_real_escape_string
我想用下载文件的名称在数据库中存储一些下载计数。
这工作正常:
$filename = $_GET['file'];
// in combination with
mysqli_query($link, "INSERT INTO download_manager (filename,downloads)
VALUES ('$filename',1) ON DUPLICATE KEY UPDATE downloads = downloads+ 1;");
现在我想用 mysqli_real_escape_string
转义 $_GET
当我这样做时,脚本不再工作:
$filename = mysqli_real_escape_string($_GET['file']);
// in combination with
mysqli_query($link, "INSERT INTO download_manager (filename,downloads)
VALUES ('$filename',1) ON DUPLICATE KEY UPDATE downloads = downloads+ 1;");
如何正确使用此示例中的 mysqli_real_escape_string
?
来自php文档mysqli_real_escape_string程序风格
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
所以你的代码应该是
$filename = mysqli_real_escape_string($link,$_GET['file']);
我想用下载文件的名称在数据库中存储一些下载计数。 这工作正常:
$filename = $_GET['file'];
// in combination with
mysqli_query($link, "INSERT INTO download_manager (filename,downloads)
VALUES ('$filename',1) ON DUPLICATE KEY UPDATE downloads = downloads+ 1;");
现在我想用 mysqli_real_escape_string
转义 $_GET当我这样做时,脚本不再工作:
$filename = mysqli_real_escape_string($_GET['file']);
// in combination with
mysqli_query($link, "INSERT INTO download_manager (filename,downloads)
VALUES ('$filename',1) ON DUPLICATE KEY UPDATE downloads = downloads+ 1;");
如何正确使用此示例中的 mysqli_real_escape_string
?
来自php文档mysqli_real_escape_string程序风格
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
所以你的代码应该是
$filename = mysqli_real_escape_string($link,$_GET['file']);