我写了一个基本的包装函数来使用MySQLi来转义字符串.使用它有什么问题吗?是比原来更好?它有用吗?
该函数有两个参数,$conn即MySQLi连接&$var,它是你想要转义的字符串.
function escapestr($conn, &$var){
$var = $conn->real_escape_string($var);
return $var;
}
用法:
$conn = mysqli_connect("localhost", "username", "password", "my_favourite_db");
$userInput = $_GET["input"]; // value: this is my "inputted" string
$userInput = escapestr($conn, $userInput); // value: this is my \"inputted\" string
或者,它可以直接更新变量.
$conn = mysqli_connect("localhost", "username", "password", "my_favourite_db");
$userInput = $_GET["input"]; // value: this is my "inputted" string
escapestr($conn, $userInput); // value: this is my \"inputted\" string