The PHP documentation for mysqli_real_escape_string notes that a link identifier is necessary to escape a string:
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
What purpose does $link serve? And why is $link necessary in order to escape a string? And how is it that a different valid value for $link could conceivably lead to a different return value for mysqli_real_escape_string?
分享 That's a good and very logical question. Indeed, why would we need a connection for a trifle string manipulation - adding slashes to certain characters?
All this hassle is about the character set.
$link contains a mysqli connection. And mysqli connection contains the information about current charset. And this information is required to escape the string properly, depends on charset. So indeed the result will be different for some different (though quite odd) character sets.
A different returned value example can be found in this answer.
This is why mysqli_real_escape_string() does no good by itself, but should be always used after setting the proper charset through mysqli::set_charset()
On a side note I must say that this function is rather obsoleted whatsoever. Instead of manual escaping one should use prepared statements (and, given with mysqli this this mechanism is one big WTF, it is hugely recommended to use PDO).
分享
