mysqli_real_escape_string无效[关闭]

I have looked all over the web, checked the php syntax but I can't understand why this code is not working.

  // Create connection
  $con=mysqli_connect("localhost","task_user","task","tasks");

  // Check connection
  if (mysqli_connect_errno()) {
    echo "No se puede conectar a la base de datos: " . mysqli_connect_error();
  }
  else{
    //Verificación de la información de logeo
    $username = $_POST["user"];
    $username = stripslashes($username);
    $password = $_POST["passwd"];    
    $username = $mysqli_real_escape_string($con,$username);
    //$password = $mysqli_real_escape_string($password);
    //$sqlquery = "SELECT username,password FROM users WHERE username ='$username' AND password='$password'";
  }


  echo '<script type = "text/javascript"> restoreValues("' . $_POST["user"] . '","' .  $_POST["passwd"] . '"); </script>';
  echo "ALL OK";

If I comment the mysqli_real_escape_string then it works (ALL OK is printed), if I don't it doesn't work. What am I doing wrong??

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongsou3041 2014-08-20 12:15
关注
you are using $ sign before function mysqli_real_escape_string

make it

$username = mysqli_real_escape_string($con,$username);

instead of

$username = $mysqli_real_escape_string($con,$username); ^ remove this
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

mysqli_real_escape_string（）返回空字符串 mysql php
2015-11-27 13:34

回答 3 已采纳 mysqli_real_escape_string($username) is missing a required parameter The usage of mysqli_real_esc
mysqli_real_escape_string不会插入到db中 database html mysql php
2019-03-04 10:58

回答 5 已采纳 You are wrong to pass parameters to the mysqli_real_escape_string () function before inserting the
mysqli_real_escape_string（）警告此代码[关闭] php
2015-10-02 09:32

回答 1 已采纳 Your parameters are in the wrong order, read the documentation again. For example: $username = my
mysqli mysql_real_escape_string,警告：mysqli_real_escape_string（）期望参数1为mysqli，字符串给定...
2021-02-07 23:38

许传志的博客 I have a secured area of my site where I can add/update/delete database entries. I am trying to update the script from mysql to mysqli. Everything works except for the "update" part. When I fill in...
php mysql_real_escape_string转换为mysqli [复制] html mysql php
2016-08-30 17:57

回答 3 已采纳 I think you want this <?php $con=mysqli_connect("localhost","my_user","my_password","my_db");
Mysqli_real_escape_string无法识别链接 php
2016-03-17 17:34

回答 2 已采纳 You call $link in your function but it is not defined in your function. You have to pass it as a
对于PHP函数mysqli_real_escape_string（），$ link的目的是什么？ php
2017-02-07 02:53

回答 2 已采纳 That's a good and very logical question. Indeed, why would we need a connection for a trifle strin
mysqli mysql_real_escape_string_PHP mysqli_real_escape_string() 函数
2021-01-27 10:23

王高乒的博客转义字符串中的特殊字符：// 假定数据库用户名：root，密码：123456，数据库：VOIDME$con=mysqli_connect(...if (mysqli_connect_errno($con)){echo "连接 MySQL 失败: " . mysqli_connect_error();}mysqli_query($...
mysqli_real_escape_string（）期望参数1为mysqli，null为null mysql php
2016-07-22 16:49

回答 3 已采纳 i think you have typo in your variable, please check your $connect => $conncet variable $c
HTML表单没有将值传递给PHP（mysqli_real_escape_string） html mysql php
2015-06-15 13:45

回答 7 已采纳 Change form type="post" to method="post" Add database connection string to your mysqli_real_escap
在数据库中保存带单引号的字符串，不带mysqli_real_escape_string [duplicate] mysql php
2015-12-31 07:13

回答 1 已采纳 Since Im seeing so many low quality comments here, here is a rough untested answer. $query = "INS
mysqli mysql_real_escape_string_“ mysqli_real_escape_string”是否足以避免SQL注入或其他SQL攻击？...
2021-02-07 23:38

冰炭不同炉的博客 // This is a string literal whitelist switch ($sortby) { case 'column_b': case 'col_c': // If it literally matches here, it's safe to use break; default: $sortby = 'rowid'; } // Only numeric ...
mysql_real_escape_string php_PHP mysqli_real_escape_string() 函数 | 菜鸟教程
2021-01-18 18:55

户外探险OUTDOOR的博客 PHP mysqli_real_escape_string() 函数转义字符串中的特殊字符：// 假定数据库用户名：root，密码：123456，数据库：RUNOOB$con=mysqli_connect("localhost","root","123456","RUNOOB");if (mysqli_connect_errno($...
不执行数据库查询 mysql_real_escape_string,使用mysqli_real_escape_string时查询不运行
2021-01-30 16:08

weixin_39599342的博客 I'm converting an old script to be compliant with MySQLi and ran in to an issue...$link = mysqli_connect("localhost", "user", "password", "database");if (mysqli_connect_errno()) {printf("Connect faile...
mysqli_real_escape_string() 函数
2019-04-11 10:04

冷月醉雪的博客查看更多 https://www.yuque.com/docs/share/eaca5dfb-cf45-481c-8ff0-6dbbff465125
PHP函数addslashes和mysql_real_escape_string的区别
2020-10-26 00:46

另一方面，mysql_real_escape_string()函数考虑到了数据库的连接设置，并且会根据当前MySQL连接的字符集对字符串中的特殊字符进行转义。它比addslashes()更安全，因为它能够转义更多的特殊字符，这包括了回车、换行...
mysql_real_escape_string c api_mysql_real_escape_string
2021-03-03 23:48

高三垃圾的博客 } if (function_exists('mysql_real_escape_string') AND is_resource($this->conn_id)) { $str = mysql_real_escape_string($str, $this->conn_id); } elseif (function_exists('mysql_escape_string')) { $str = ...
mysql_real_escape_string与mysqli_real_escape_string
2019-09-27 10:39

dianai7709的博客参考mysql_real_escape_stringmysqli_real_escape_string mysql_real_escape_string是用来转义字符的，主要是转义POST或GET的参数，防治SQL注入（防注入可参考PHP防SQL注入不要再用addslashes和mysql_real_escape_...
sqlilabs关于mysqli_real_escape_string函数报错的问题解决。
2022-08-30 11:28

snowman12138的博客 sqlilabs关于mysqli_real_escape_string函数报错的问题解决。
没有解决我的问题, 去提问

悬赏问题

¥15 用verilog实现tanh函数和softplus函数
¥15 Hadoop集群部署启动Hadoop时碰到问题
¥15 求京东批量付款能替代天诚
¥15 slaris 系统断电后，重新开机后一直自动重启
¥15 QTableWidget重绘程序崩溃
¥15 谁能帮我看看这拒稿理由啥意思啊阿啊
¥15 关于vue2中methods使用call修改this指向的问题
¥15 idea自动补全键位冲突
¥15 请教一下写代码，代码好难
¥15 iis10中如何阻止别人网站重定向到我的网站

mysqli_real_escape_string无效[关闭]

2条回答 默认 最新

悬赏问题

2条回答默认最新