mysqli_real_escape_string函数[重复]

This question already has an answer here:

How can I prevent SQL injection in PHP? 28 answers
Reference: What is variable scope, which variables are accessible from where and what are “undefined variable” errors? 3 answers

I am trying to create a shortened mysqli_real_escape_string function

code works when used directly, but get errors when trying to turn into a function

this works perfectly: '''

$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
$username = $conn->real_escape_string($_GET['user_name']);

''' BUT using the following code: '''

$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
function cleanstr($cleanval){
    $cleanval= $conn->real_escape_string($cleanval);
    //$cleanval =mysqli_real_escape_string($conn, $cleanval);
    return $cleanval;
}
$username = cleanstr($_GET['user_name']);

''' I get errors:

........................

( ! ) Notice: Undefined variable: conn in C:\wamp64\www\Dataeg\functions.php on line 21
Call Stack
#   Time    Memory  Function    Location
1   0.0004  403064  {main}( )   ...\verify_email.php:0
2   0.1575  420064  cleanstr( ) ...\verify_email.php:10

( ! ) Fatal error: Uncaught Error: Call to a member function real_escape_string() on null in C:\wamp64\www\Dataeg\functions.php on line 21
( ! ) Error: Call to a member function real_escape_string() on null in C:\wamp64\www\Dataeg\functions.php on line 21
Call Stack
#   Time    Memory  Function    Location
1   0.0004  403064  {main}( )   ...\verify_email.php:0
2   0.1575  420064  cleanstr( ) ...\verify_email.php:10

.......................................... Am i doing something wrong, or is there no way to use real_escape_string is in a custom function

</div>

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

报告相同问题？

关注问题

对于PHP函数mysqli_real_escape_string（），$ link的目的是什么？ php
2017-02-07 02:53

回答 2 已采纳 That's a good and very logical question. Indeed, why would we need a connection for a trifle strin
为什么我们应该在登录中使用mysqli_real_escape_string（）和stripslashes（）函数并注册php文件 php
2015-08-28 17:00

回答 1 已采纳 Using these functions makes your site less vulnerable to SQL injection attacks, where an attacker
如果在php类中建立连接并且在单独的函数文件中使用函数mysqli_real_escape_string，我如何使用mysql连接？ mysql php
2014-07-15 06:44

回答 1 已采纳 You can do it by more than one way : 1.1- Try putting the escape function inside the connect clas
mysqli mysql_real_escape_string_PHP mysqli_real_escape_string() 函数
2021-02-07 23:38

weixin_39719101的博客实例转义字符串中的特殊字符：$con=mysqli_connect("localhost","my_user","my_password","my_db");// Check connectionif (mysqli_connect_errno($con)){echo "Failed to connect to MySQL: " . mysqli_connect_...
在非对象上调用成员函数real_escape_string（） mysql php
2011-06-20 23:52

回答 3 已采纳 Probably the better solution would be to create a singleton function: function get_my_db() {
无法使用password_verify函数验证[复制] php
2016-10-19 10:47

回答 1 已采纳 Change these two lines and it should work. $password = mysqli_real_escape_string($con, $_POST['pa
将$ _POST / $ _ GET作为参数传递给函数 php
2015-08-31 17:08

回答 3 已采纳 IMHO it's a practice of abstraction, and there are benefits: Generality: by receiving $_POST as
php mysql_real_escape_string函数用法与实例教程
2021-01-20 00:35

语法mysql_real_escape_string(string,connection) 参数描述 string 必需。规定要转义的字符串。 connection 可选。规定 MySQL 连接。如果未规定，则使用上一个连接。说明本函数将 string 中的特殊字符转义...
无法从PHP函数回显或打印 php
2019-04-15 04:44

回答 2 已采纳 Just use keep your code inside a function and call the function name while post your input Ex:
在php中查找意图连接函数 mysql php
2017-11-02 06:32

回答 1 已采纳 you should use $conn = db::getInstance();
如果PDO和mysqli不可用，使用mysql_ *函数是否安全？ mysql php
2012-11-06 08:49

回答 3 已采纳 If you're really rigorous about always using mysql_real_escape_string() with all user-supplied inp
mysqli_real_escape_string() 函数
2019-04-11 10:04

冷月醉雪的博客查看更多 https://www.yuque.com/docs/share/eaca5dfb-cf45-481c-8ff0-6dbbff465125
在PHP函数中加入SQL中的5个表 mysql php sql
2014-07-27 17:41

回答 3 已采纳 The order of your join operations is wrong. You've got to swap the last two ones. Instead of $que
php escape的用法,PHP mysqli_real_escape_string() 函数用法及示例
2021-04-26 21:51

给你一个熊猫眼的博客 PHP mysqli_real_escape_string() 函数用法及示例mysqli_real_escape_string()函数根据当前连接的字符集，对于 SQL 语句中的特殊字符进行转义。定义和用法mysqli_real_escape_string()函数用来对字符串中的特殊字符...
sqlilabs关于mysqli_real_escape_string函数报错的问题解决。
2022-08-30 11:28

snowman12138的博客 sqlilabs关于mysqli_real_escape_string函数报错的问题解决。
mysql_real_escape_string php_PHP mysqli_real_escape_string() 函数 | 菜鸟教程
2021-01-18 18:55

户外探险OUTDOOR的博客 PHP mysqli_real_escape_string() 函数转义字符串中的特殊字符：// 假定数据库用户名：root，密码：123456，数据库：RUNOOB$con=mysqli_connect("localhost","root","123456","RUNOOB");if (mysqli_connect_errno($...
PHP mysqli_real_escape_string() 函数
2019-07-16 13:49

allway2的博客 PHPmysqli_real_escape_string()函数 PHP MySQLi 参考手册转义字符串中的特殊字符： <?php // 假定数据库用户名：root，密码：123456，数据库：RUNOOB $con=mysqli_connect("localhost","root","123456",...
php mysql_real_PHP mysqli_real_escape_string() 函数_程序员人生
2021-02-02 20:25

凌沦的博客实例转义字符串中的特殊字符：$con=mysqli_connect("localhost","my_user","my_password","my_db");// Check connectionif (mysqli_connect_errno($con)){echo "Failed to connect to MySQL: " . mysqli_connect_...
mysql escape 函数_mysql_real_escape_string（）函数的作用
2021-01-19 00:57

隅隅隅的博客相关函数:get_magic_quotes_gpc()在PHP5.4中已被丢弃mysql_real_escape_string()说明这个函数在PHP5.5中不建议使用,在将来的版本中将会被丢弃,建议使用:mysql_real_escape_string()函数的作用：防止SQL Injection...
没有解决我的问题, 去提问

悬赏问题

¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
¥20 BAPI_PR_CHANGE how to add account assignment information for service line
¥500 火焰左右视图、视差（基于双目相机）
¥100 set_link_state
¥15 虚幻5 UE美术毛发渲染
¥15 CVRP 图论物流运输优化
¥15 Tableau online 嵌入ppt失败
¥100 支付宝网页转账系统不识别账号
¥15 基于单片机的靶位控制系统
¥15 真我手机蓝牙传输进度消息被关闭了，怎么打开？(关键词-消息通知)

码龄粉丝数原力等级 --

mysqli_real_escape_string函数[重复]

0条回答默认最新

悬赏问题

mysqli_real_escape_string函数[重复]

0条回答 默认 最新

悬赏问题

0条回答默认最新