用php将特殊字符传递给mysql数据库

I seem to be having a small issue with my database here. I'm using mySQL and posting using php, however the problem I face is that I can't post special characters to the database because they're using in php and causes an error. So I believe the best option is using mysqli_real_escape_string(). So I set up my vairaible that I'm using as the values to post to my database with the mysqli_real_escape_string() and I'm getting the following error:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given

Which makes be think I haven't set it up correctly as I thought I only needed to pass the one parameter not two. I have my php set up like this if anyone can correct me that would be great:

<?php

  $servername = "localhost";

  $username = "root";

  $password = "";

  $dbname = "dbname";

  $conn = new mysqli($servername, $username, $password, $dbname);

  if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    $name = mysqli_real_escape_string(strtolower($_POST['name']));

    $header = strtolower($_POST['header']);

    $address = strtolower($_POST['address']);

    $city = strtolower($_POST['city']);

    $county = strtolower($_POST['county']);

    $post = strtolower($_POST['post']);

    $tele = strtolower($_POST['tele']);

    $mob = strtolower($_POST['mob']);

    $email = strtolower($_POST['email']);

    $web = strtolower($_POST['web']);


    $sql1 = mysqli_query($conn, "SELECT * FROM business_dir WHERE `name` = '$name'");

    $matchFound = mysqli_num_rows($sql1) > 0 ? 'true' : 'false';

    if ($matchFound == 'false') {

      $sql2 = "INSERT INTO business_dir (`name`, `header`, `address`, `city`, `county`, `post`, `tele`, `mob`, `email`, `web`) VALUES ('$name', '$header', '$address', '$city','$county','$post', '$tele', '$mob', '$email', '$web')";

      if ($conn->query($sql2) === TRUE) {

          echo '<div class="alert alert-success text-center" style="margin:20px;" role="alert">Business Succesfully Added!</div>';              

      }

      else {

        echo '<div class="alert alert-danger text-center" style="margin:20px;" role="alert">Error: ' . $sql2 . "<br>" . $conn->error.'</div>';

      }

    }

    else {

      echo '<div class="alert alert-danger text-center" style="margin:20px;" role="alert">Business Failed To Be Added, An Entry With The Same Name Already Exists!</div>';

    }

  }

?>

Thanks guys.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

dongye9820 2018-05-10 17:44

关注

You're heavily mixing object oriented functions and procedural functions which will not work. I've converted your full example to an object oriented approach below:

<?php    
    $servername = "localhost";
    $username = "root";
    $password = "";  
    $dbname = "dbname";

    $conn = new mysqli($servername, $username, $password, $dbname);

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $name = $conn->real_escape_string(strtolower($_POST['name'])); 
        $header = strtolower($_POST['header']);
        $address = strtolower($_POST['address']);
        $city = strtolower($_POST['city']);    
        $county = strtolower($_POST['county']);
        $post = strtolower($_POST['post']);
        $tele = strtolower($_POST['tele']);    
        $mob = strtolower($_POST['mob']);    
        $email = strtolower($_POST['email']);    
        $web = strtolower($_POST['web']);

        $stmt = $conn->prepare("SELECT * FROM business_dir WHERE `name` = ?");
        $stmt->bind_param("s", $name);
        $stmt->execute();
        $stmt->store_result();

        $matchFound = $stmt->num_rows > 0 ? TRUE : FALSE;

        // Close the prepared statement
        $stmt->close();

        if ($matchFound === FALSE) {  
            $stmt = $conn->prepare("INSERT INTO business_dir (`name`, `header`, `address`, `city`, `county`, `post`, `tele`, `mob`, `email`, `web`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
            $stmt->bind_param("ssssssssss", $name, $header, $address, $city, $county, $post, $tele, $mob, $email, $web);

            if ($stmt->execute() == TRUE) {
                echo '<div class="alert alert-success text-center" style="margin:20px;" role="alert">Business Succesfully Added!</div>';              
            } else {
                echo '<div class="alert alert-danger text-center" style="margin:20px;" role="alert">Error: ' . $sql2 . "<br>" . $conn->error.'</div>';
            }

            $stmt->close();
        } else {
            echo '<div class="alert alert-danger text-center" style="margin:20px;" role="alert">Business Failed To Be Added, An Entry With The Same Name Already Exists!</div>';
        }
    }

    // Close the mysqli connection
    $conn->close();
?>

In addition, mysqli_real_escape_string() offers little protection against SQL Injection Attacks. As such, I've modified your example to use prepared statements for added security.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

查看更多回答(2条)

报告相同问题？

关注问题

用php将特殊字符传递给mysql数据库 php
2018-05-10 16:26

回答 3 已采纳 You're heavily mixing object oriented functions and procedural functions which will not work. I've
使用PHP将中文字符插入mysql数据库 mysql php
2013-04-13 12:45

回答 1 已采纳 First, there is a typo. You've used mysql_query() instead of mysqli_query() Following the mysql
使用PHP从MySQL数据库中获取特殊字符[复制] mysql php
2013-04-09 03:08

回答 3 已采纳 Below code works for me. $sql = "SELECT * FROM chartest"; mysql_set_charset("UTF8"); $rs = mysql_
php将字符串存入mysql_php 写入数据库时特殊字符串处理（何时转义特殊字符）
2021-01-19 21:50

琴台梦的博客在处理MySQL和GET、POST的数据时，常常要对数据的引号进行转义操作。PHP中有三个设置可以实现自动对’(单引号)，”(双引号)，\(反斜线)和 NULL 字符转转。PHP称之为魔术引号，这三项设置分别是magic_quotes_gpc影响...
用php将js变量存入mysql时出错 javascript mysql php 有问必答
2021-07-06 17:05

回答 2 已采纳服务器端无法直接调用客户端js变量，需要用ajax提交后获取~帮助到你请点个采纳【右上角】，谢谢 <script> var a = "ABC"; $.ajax({
为什么我们需要在将字符串变量插入mysql数据库php时包含引号 mysql php
2013-08-11 11:49

回答 2 已采纳 This is how the MySQL syntax works. PHP is merely constructing the query for you. PHP will replac
如何将php代码插入数据库？ database mysql php
2017-04-25 12:56

回答 2 已采纳 Escape your input data with a real_escape_string function: http://php.net/manual/en/mysqli.real-es
php面试mysql数据库题_PHP面试题 - MySQL数据库
2021-03-04 08:41

Timecompanion的博客 1. 写出下面2个PHP操作Mysql函数的作用和区别(新浪网技术部)mysql_num_rows()mysql_affected_rows()这两个函数都作用于mysql_query($query)操作的结果，mysql_num_rows()返回结果集中行的数目。mysql_affected_rows...
laravel框架php mysql增删改查怎么转义特殊字符 mysql php
2018-11-14 09:05

回答 1 已采纳 https://laravel-china.org/index.php/topics/18926
php连接数据库实现登录效果显示失败 php phpstorm 数据库
2022-04-25 11:48

回答 2 已采纳 $sql = "select * from info where username = '".$username."' and pw ='“.md5($pw).“'"; .md5($pw) 两边是中
php向mysql写入数据失败 mysql php 数据库
2022-07-30 14:03

回答 1 已采纳像他这样呢https://blog.csdn.net/weixin_41735943/article/details/83963942
使用php从网络访问mysql数据库,使用PHP从web访问mysql数据库
2021-04-28 05:33

何耀辉 Jessica的博客一. web数据库构架的工作原理1....2. web服务器接受接收到对特定页面的请求，... mysql数据库接收到对数据库查询的请求，处理请求，并将查询结果返回给php引擎。5. php引擎完成脚本运行后，将结果返回给web服务器6. w...
UTF8 mysql编码的数据库字段只显示php页面中的特殊字符 mysql php
2016-11-10 13:36

回答 1 已采纳 If you are using MySQL then use below after DB connection mysql_query("SET NAMES utf8"); If you
php使用pdo操作mysql数据库实例,php通过pdo实现mysql数据库简单操作
2021-04-25 11:13

weixin_39968946的博客 php中通过pdo来操作mysql是很快速方便的，跟原生js代码比那是简单了不少，小编自己整理了一个类，有点乱，但是基本功能都实现了，大家用的话可以自己拿去稍加整理就好，mySQLHelper类代码：...
PHP与MYSQL数据库连接实现网页登录验证
2022-11-09 15:10

少世的博客 PHP和MYSQL的梦幻联动之网页登录验证
没有解决我的问题, 去提问

悬赏问题

¥40 复杂的限制性的商函数处理
¥15 程序不包含适用于入口点的静态Main方法
¥15 素材场景中光线烘焙后灯光失效
¥15 请教一下各位，为什么我这个没有实现模拟点击
¥15 执行 virtuoso 命令后，界面没有，cadence 启动不起来
¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
¥20 有关区间dp的问题求解
¥15 多电路系统共用电源的串扰问题
¥15 slam rangenet++配置
¥15 有没有研究水声通信方面的帮我改俩matlab代码

码龄粉丝数原力等级 --

用php将特殊字符传递给mysql数据库

3条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

用php将特殊字符传递给mysql数据库

3条回答 默认 最新

悬赏问题

3条回答默认最新