如何在 mysqli_real_escape_string 之间放置一个值

how to put a VALUE between mysqli_real_escape_string

我想用下载文件的名称在数据库中存储一些下载计数。 这工作正常:

$filename = $_GET['file'];
// in combination with
mysqli_query($link, "INSERT INTO download_manager (filename,downloads) 
                         VALUES ('$filename',1) ON DUPLICATE KEY UPDATE downloads = downloads+ 1;");

现在我想用 mysqli_real_escape_string

转义 $_GET

当我这样做时,脚本不再工作:

$filename = mysqli_real_escape_string($_GET['file']);
// in combination with
mysqli_query($link, "INSERT INTO download_manager (filename,downloads) 
                         VALUES ('$filename',1) ON DUPLICATE KEY UPDATE downloads = downloads+ 1;");

如何正确使用此示例中的 mysqli_real_escape_string

来自php文档mysqli_real_escape_string程序风格

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

所以你的代码应该是

$filename = mysqli_real_escape_string($link,$_GET['file']);