duansha8115 2016-03-07 10:37
浏览 133
已采纳

如何将PHP7的$ mysqli-> real_escape_string与数组一起使用

Before PHP7, I would combine implode and array_map to go through each of the values with mysql_real_escape_string to prepare them for a statement to avoid sql injection. e.g:

$values = implode("', '", array_map('mysql_real_escape_string', $sqlArray));

mysql_real_escape_string has been replaced now by mysqli::real_escape_string. How would the above code be done with the new methods just as easily using the mysqli class in an array_map?

  • 写回答

1条回答 默认 最新

  • dongyuan2388 2016-03-07 10:41
    关注

    You might be better off using prepared statements, but to the question, pass an array of object and method. This should work for anything that takes a callback:

    $result = array_map(array($mysqli, 'real_escape_string'), $sqlArray);

    Assuming you have a $mysqli object that you're working with from the mysqli class.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
编辑
预览

报告相同问题?

手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

 客服 返回
顶部