mysqli_real_escape_string不会插入到db中

I propose the following question ... I have to make sure that the following query also accept values with the quotes inside .. I tried using mysqli_real_escape_string but it did not work .. I am attaching my attempts ..

1° Put the function during the post

        $idCantiere = $_POST["idCantiere"];
        $nomeCantiere = mysqli_real_escape_string($_POST["nomeCantiere"]);
        $sql = "INSERT INTO Cantiere( 
        idCantiere,
        nomeCantiere)
        VALUES(
       '$idCantiere',
       '$nomeCantiere')";
        if (mysqli_query($mysqli, $sql)) 
        {
        echo "<script type='text/javascript'>alert('Cantiere Inserto'); 
        </script>";
        } else
        {
         echo "Error: " . $sql . "" . mysqli_error($mysqli);
        }

2° Put the function during the query

 $idCantiere = $_POST["idCantiere"];
        $nomeCantiere = $_POST["nomeCantiere"];
        $sql = "INSERT INTO Cantiere( 
        idCantiere,
        nomeCantiere)
        VALUES(
       '$idCantiere',
       mysqli_real_escape_string('$nomeCantiere'))";
        if (mysqli_query($mysqli, $sql)) 
        {
        echo "<script type='text/javascript'>alert('Cantiere Inserto'); 
        </script>";
        } else
        {
         echo "Error: " . $sql . "" . mysqli_error($mysqli);
        }

How can I solve the problem?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

5条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dtrn74832 2019-03-04 11:12
关注
You are wrong to pass parameters to the mysqli_real_escape_string () function before inserting the post you must put the connection string with which you access the DB

$connection=mysqli_connect("localhost","USER","PASSWORD","DB"); $nomeCantiere= mysqli_real_escape_string($connection, $_POST['nomeCantiere']);

your second attempt is wrong reuses my line of code in the first .. during the post
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(4条)

报告相同问题？

关注问题

mysqli_real_escape_string（）警告此代码[关闭] php
2015-10-02 09:32

回答 1 已采纳 Your parameters are in the wrong order, read the documentation again. For example: $username = my
Mysqli_real_escape_string无法识别链接 php
2016-03-17 17:34

回答 2 已采纳 You call $link in your function but it is not defined in your function. You have to pass it as a
为什么mysqli_real_escape_string在我的字符串中添加两个反斜杠 mysql php
2017-11-29 23:09

回答 1 已采纳 You should migrate your code to prepared statements instead. That would let you avoid this strange
mysqli mysql_real_escape_string,警告：mysqli_real_escape_string（）期望参数1为mysqli，字符串给定...
2021-02-07 23:38

许传志的博客 I have a secured area of my site where I can add/update/delete database entries. I am trying to update the script from mysql to mysqli. Everything works except for the "update" part. When I fill in...
类型'String'是一个意外的参数，期望Mysqli [mysqli_real_escape_string] [重复] mysql php
2017-02-15 13:59

回答 1 已采纳 Change your code to $xml_object = mysqli_real_escape_string($conn, $data->xml_object);
如果在php类中建立连接并且在单独的函数文件中使用函数mysqli_real_escape_string，我如何使用mysql连接？ mysql php
2014-07-15 06:44

回答 1 已采纳 You can do it by more than one way : 1.1- Try putting the escape function inside the connect clas
Mysqli_real_escape_string阻止preg_split工作？ php
2013-02-17 21:56

回答 1 已采纳 http://php.net/mysqli-real-escape-string Characters encoded are NUL (ASCII 0), , , \, ', ",
mysqli mysql_real_escape_string_“ mysqli_real_escape_string”是否足以避免SQL注入或其他SQL攻击？...
2021-02-07 23:38

冰炭不同炉的博客小编典典有人可以告诉我它是否安全或是否容易受到SQL Injection攻击或其他SQL攻击吗？防止SQL注入的最佳方法是使用准备好的语句。它们将数据(您的参数)与指令(SQL查询字符串)分开，并且不会为数据留下任何空间污染...
不使用mysqli_real_escape_string（）输入sanitizaton php sql
2012-11-14 21:25

回答 2 已采纳 While I definitely agree with the comments and answer that using prepared statements, and not doin
警告：mysqli_real_escape_string（）期望参数1为mysqli，在C：\ xampp \ htdocs \ lr \ lr.php中给出的字符串 mysql php
2015-04-14 15:30

回答 1 已采纳 array_sanitize requires 2 arguments, and the second one should be the item. The arguments array_wa
mysqli_select_db（）期望参数1为mysqli，给定字符串＆mysqli_error（）需要1个参数，0在DATABASE_CONNECT_ERROR [duplicate]中给出 mysql php
2016-10-19 04:19

回答 1 已采纳 First of all you no need to have "" for your DB connection because you pass it as a variable Sec
不执行数据库查询 mysql_real_escape_string,使用mysqli_real_escape_string时查询不运行
2021-01-30 16:08

weixin_39599342的博客 I'm converting an old script to be compliant with MySQLi and ran in to an issue...$link = mysqli_connect("localhost", "user", "password", "database");if (mysqli_connect_errno()) {printf("Connect faile...
mysqli mysql_real_escape_string_PHP mysqli_real_escape_string() 函数
2021-02-07 23:38

weixin_39719101的博客实例转义字符串中的特殊字符：$con=mysqli_connect("localhost","my_user","my_password","my_db");// Check connectionif (mysqli_connect_errno($con)){echo "Failed to connect to MySQL: " . mysqli_connect_...
mysql_real_escape_string c api_mysql_real_escape_string
2021-03-03 23:48

高三垃圾的博客 CI中：$this->db->select('*')->where("username","skcdian")->where("password","' OR ''='")->get("user")->result();SELECT * FROM (user) WHERE username = ‘skcdian’ AND password = ‘\’...
pdo mysql_real_escape_string_php – 如何在PDO中使用/编写mysql_real_escape_string？
2021-01-26 07:56

weixin_39581739的博客 real escape string and PDO3个在我的代码中我试图将MysqL_real_escape_string转换为PDO语句.有人有关于如何在PDO中编写MysqL_real_escape_string的提示吗？我在两行中使用MysqL_real_escape_string：$userN...
mysql_real_escape_string 不支持_mysql_real_escape_string总是返回false
2021-01-21 13:23

13338383381的博客总所周知，mysql_real_escape_string函数的作用是：转义SQL语句中使用的字符串中的特殊字符，并考虑到连接的当前字符集。并且mysql_real_escape_string()并不转义%和_。但是，如果按照手册的例子来写代码，总是返回...
mysql_real_escape_string pdo_php – 如何在PDO中使用/编写mysql_real_escape_string？
2021-02-07 23:43

胡椒肥牛饭的博客 real escape string and PDO3个在我的代码中我试图将mysql_real_escape_string转换为PDO语句.有人有关于如何在PDO中编写mysql_real_escape_string的提示吗？我在两行中使用mysql_real_escape_string：$userNa...
mysql_real_escape_string 不支持_mysql_real_escape_string()无效，即使我已连接到数据库
2021-01-21 13:23

数码客栈的博客但是，在远程服务器上，我无法使mysql_real_escape_string()正常工作。数据库连接正在工作，并在调用该函数之前连接。当我尝试echo $_POST['email'];时，我获得了正确的数据，但是当我尝试echo mysql_real_escap...
mysql_real_escape_string 报错,使用mysql_real_escape_string（）时出错
2021-01-19 23:40

邦成为寄卖连锁的博客 my code-require 'database....$title = mysql_real_escape_string($_POST['title']); //line 48$cat = $_POST['cat'];$txtart = mysql_real_escape_string($_POST['artbody']); //line 50$date = date("d-m-y");...
没有解决我的问题, 去提问

悬赏问题

¥20 求快手直播间榜单匿名采集ID用户名简单能学会的
¥15 DS18B20内部ADC模数转换器
¥15 做个有关计算的小程序
¥15 MPI读取tif文件无法正常给各进程分配路径
¥15 如何用MATLAB实现以下三个公式（有相互嵌套）
¥30 关于#算法#的问题：运用EViews第九版本进行一系列计量经济学的时间数列数据回归分析预测问题求各位帮我解答一下
¥15 setInterval 页面闪烁，怎么解决
¥15 如何让企业微信机器人实现消息汇总整合
¥50 关于#ui#的问题：做yolov8的ui界面出现的问题
¥15 如何用Python爬取各高校教师公开的教育和工作经历

mysqli_real_escape_string不会插入到db中

5条回答 默认 最新

悬赏问题

5条回答默认最新