mysqli_real_escape_string不会插入到db中

I propose the following question ... I have to make sure that the following query also accept values with the quotes inside .. I tried using mysqli_real_escape_string but it did not work .. I am attaching my attempts ..

1° Put the function during the post

        $idCantiere = $_POST["idCantiere"];
        $nomeCantiere = mysqli_real_escape_string($_POST["nomeCantiere"]);
        $sql = "INSERT INTO Cantiere( 
        idCantiere,
        nomeCantiere)
        VALUES(
       '$idCantiere',
       '$nomeCantiere')";
        if (mysqli_query($mysqli, $sql)) 
        {
        echo "<script type='text/javascript'>alert('Cantiere Inserto'); 
        </script>";
        } else
        {
         echo "Error: " . $sql . "" . mysqli_error($mysqli);
        }

2° Put the function during the query

 $idCantiere = $_POST["idCantiere"];
        $nomeCantiere = $_POST["nomeCantiere"];
        $sql = "INSERT INTO Cantiere( 
        idCantiere,
        nomeCantiere)
        VALUES(
       '$idCantiere',
       mysqli_real_escape_string('$nomeCantiere'))";
        if (mysqli_query($mysqli, $sql)) 
        {
        echo "<script type='text/javascript'>alert('Cantiere Inserto'); 
        </script>";
        } else
        {
         echo "Error: " . $sql . "" . mysqli_error($mysqli);
        }

How can I solve the problem?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

5条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dtrn74832 2019-03-04 11:12
关注
You are wrong to pass parameters to the mysqli_real_escape_string () function before inserting the post you must put the connection string with which you access the DB

$connection=mysqli_connect("localhost","USER","PASSWORD","DB"); $nomeCantiere= mysqli_real_escape_string($connection, $_POST['nomeCantiere']);

your second attempt is wrong reuses my line of code in the first .. during the post
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(4条)

报告相同问题？

关注问题

mysqli_real_escape_string不会插入到db中 database html mysql php
2019-03-04 10:58

回答 5 已采纳 You are wrong to pass parameters to the mysqli_real_escape_string () function before inserting the
mysqli_real_escape_string（）警告此代码[关闭] php
2015-10-02 09:32

回答 1 已采纳 Your parameters are in the wrong order, read the documentation again. For example: $username = my
Mysqli_real_escape_string无法识别链接 php
2016-03-17 17:34

回答 2 已采纳 You call $link in your function but it is not defined in your function. You have to pass it as a
mysqli mysql_real_escape_string,警告：mysqli_real_escape_string（）期望参数1为mysqli，字符串给定...
2021-02-07 23:38

许传志的博客 I have a secured area of my site where I can add/update/delete database entries. I am trying to update the script from mysql to mysqli. Everything works except for the "update" part. When I fill in...
为什么mysqli_real_escape_string在我的字符串中添加两个反斜杠 mysql php
2017-11-29 23:09

回答 1 已采纳 You should migrate your code to prepared statements instead. That would let you avoid this strange
类型'String'是一个意外的参数，期望Mysqli [mysqli_real_escape_string] [重复] mysql php
2017-02-15 13:59

回答 1 已采纳 Change your code to $xml_object = mysqli_real_escape_string($conn, $data->xml_object);
如果在php类中建立连接并且在单独的函数文件中使用函数mysqli_real_escape_string，我如何使用mysql连接？ mysql php
2014-07-15 06:44

回答 1 已采纳 You can do it by more than one way : 1.1- Try putting the escape function inside the connect clas
mysqli mysql_real_escape_string_PHP mysqli_real_escape_string() 函数
2021-02-07 23:38

weixin_39719101的博客实例转义字符串中的特殊字符：$con=mysqli_connect("localhost","my_user","my_password","my_db");// Check connectionif (mysqli_connect_errno($con)){echo "Failed to connect to MySQL: " . mysqli_connect_...
Mysqli_real_escape_string阻止preg_split工作？ php
2013-02-17 21:56

回答 1 已采纳 http://php.net/mysqli-real-escape-string Characters encoded are NUL (ASCII 0), , , \, ', ",
不使用mysqli_real_escape_string（）输入sanitizaton php sql
2012-11-14 21:25

回答 2 已采纳 While I definitely agree with the comments and answer that using prepared statements, and not doin
警告：mysqli_real_escape_string（）期望参数1为mysqli，在C：\ xampp \ htdocs \ lr \ lr.php中给出的字符串 mysql php
2015-04-14 15:30

回答 1 已采纳 array_sanitize requires 2 arguments, and the second one should be the item. The arguments array_wa
mysqli mysql_real_escape_string_“ mysqli_real_escape_string”是否足以避免SQL注入或其他SQL攻击？...
2021-02-07 23:38

冰炭不同炉的博客小编典典有人可以告诉我它是否安全或是否容易受到SQL Injection攻击或其他SQL攻击吗？防止SQL注入的最佳方法是使用准备好的语句。它们将数据(您的参数)与指令(SQL查询字符串)分开，并且不会为数据留下任何空间污染...
“mysqli_num_rows”与“mysqli_query”的输出斗争 mysql php
2015-12-05 01:39

回答 1 已采纳 Not sure if this is the problem: $username = mysqli_real_escape_string($connection,(htmlspecialch
不执行数据库查询 mysql_real_escape_string,使用mysqli_real_escape_string时查询不运行
2021-01-30 16:08

weixin_39599342的博客 I'm converting an old script to be compliant with MySQLi and ran in to an issue...$link = mysqli_connect("localhost", "user", "password", "database");if (mysqli_connect_errno()) {printf("Connect faile...
mysql_real_escape_string c api_mysql_real_escape_string
2021-03-03 23:48

高三垃圾的博客 CI中：$this->db->select('*')->where("username","skcdian")->where("password","' OR ''='")->get("user")->result();SELECT * FROM (user) WHERE username = ‘skcdian’ AND password = ‘\’...
mysql_real_escape_string 不支持_mysql_real_escape_string总是返回false
2021-01-21 13:23

13338383381的博客总所周知，mysql_real_escape_string函数的作用是：转义SQL语句中使用的字符串中的特殊字符，并考虑到连接的当前字符集。并且mysql_real_escape_string()并不转义%和_。但是，如果按照手册的例子来写代码，总是返回...
pdo mysql_real_escape_string_php – 如何在PDO中使用/编写mysql_real_escape_string？
2021-01-26 07:56

weixin_39581739的博客 real escape string and PDO3个在我的代码中我试图将MysqL_real_escape_string转换为PDO语句.有人有关于如何在PDO中编写MysqL_real_escape_string的提示吗？我在两行中使用MysqL_real_escape_string：$userN...
mysql_real_escape_string 不支持_mysql_real_escape_string()无效，即使我已连接到数据库
2021-01-21 13:23

数码客栈的博客但是，在远程服务器上，我无法使mysql_real_escape_string()正常工作。数据库连接正在工作，并在调用该函数之前连接。当我尝试echo $_POST['email'];时，我获得了正确的数据，但是当我尝试echo mysql_real_escap...
mysql_real_escape_string 报错,使用mysql_real_escape_string（）时出错
2021-01-19 23:40

邦成为寄卖连锁的博客 my code-require 'database....$title = mysql_real_escape_string($_POST['title']); //line 48$cat = $_POST['cat'];$txtart = mysql_real_escape_string($_POST['artbody']); //line 50$date = date("d-m-y");...
没有解决我的问题, 去提问

悬赏问题

¥15 netty整合springboot之后自动重连失效
¥20 wireshark抓不到vlan
¥20 关于#stm32#的问题：需要指导自动酸碱滴定仪的原理图程序代码及仿真
¥20 设计一款异域新娘的视频相亲软件需要哪些技术支持
¥15 stata安慰剂检验作图但是真实值不出现在图上
¥15 c程序不知道为什么得不到结果
¥40 复杂的限制性的商函数处理
¥15 程序不包含适用于入口点的静态Main方法
¥15 素材场景中光线烘焙后灯光失效
¥15 请教一下各位，为什么我这个没有实现模拟点击

mysqli_real_escape_string不会插入到db中

5条回答 默认 最新

悬赏问题

5条回答默认最新