mysqli::real_escape_string

    mysqli_real_escape_string

    (PHP 5, PHP 7, PHP 8)

    mysqli::real_escape_string -- mysqli_real_escape_stringEscapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection

    Açıklama

    Nesne yönelimli kullanım

    publicmysqli::real_escape_string(string$string): string

    Yordamsal kullanım

    mysqli_real_escape_string(mysqli$mysql, string$string): string

    This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to produce an escaped SQL string, taking into account the current character set of the connection.

    Dikkat

    Security: the default character set

    The character set must be set either at the server level, or with the API function mysqli_set_charset() for it to affect mysqli_real_escape_string(). See the concepts section on character sets for more information.

    Bağımsız Değişkenler

    bağlantı

    Sadece yordamsal tarz: mysqli_connect() veya mysqli_init() işlevinden dönen bir mysqli nesnesi.

    string

    The string to be escaped.

    Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and CTRL+Z.

    Dönen Değerler

    Returns an escaped string.

    Örnekler

    Örnek 1 mysqli::real_escape_string() example

    Nesne yönelimli kullanım

    <?php

    mysqli_report    (MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $mysqli = new mysqli("localhost", "my_user", "my_password", "world");

    $city = "'s-Hertogenbosch";


    $query = sprintf("SELECT CountryCode FROM City WHERE name='%s'",
    $mysqli->real_escape_string($city));
    $result = $mysqli->query($query);
    printf("Select returned %d rows.\n", $result->num_rows);


    $query = sprintf("SELECT CountryCode FROM City WHERE name='%s'", $city);
    $result = $mysqli->query($query);

    Yordamsal kullanım

    <?php

    mysqli_report    (MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $mysqli = mysqli_connect("localhost", "my_user", "my_password", "world");

    $city = "'s-Hertogenbosch";


    $query = sprintf("SELECT CountryCode FROM City WHERE name='%s'",
    mysqli_real_escape_string($mysqli, $city));
    $result = mysqli_query($mysqli, $query);
    printf("Select returned %d rows.\n", mysqli_num_rows($result));


    $query = sprintf("SELECT CountryCode FROM City WHERE name='%s'", $city);
    $result = mysqli_query($mysqli, $query);

    The above examples will output something similar to:

    Select returned 1 rows. Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's-Hertogenbosch'' at line 1 in...

    Ayrıca Bakınız

    To Top