php mysql_real_escape_string()函数
mysql_real_escape_string() 函数转义 SQL 语句中使用的字符串中的特殊字符,下列字符受影响:
x00 n r ' " x1a
如果成功,则该函数返回被转义的字符串,如果失败,则返回 false.
语法: mysql_real_escape_string(string,connection)
参数 描述
string 必需,规定要转义的字符串
connection 可选,规定 MySQL 连接,如果未规定,则使用上一个连接.
PHP实例代码如下:
<?php function opendatabase ( $host , $user , $pass ) { try { if ( $db = mysql_connect ( $host , $user , $pass )){ return $db ; } else { throw new exception ( "Sorry, could not connect to mysql." ); } } catch (exception $e ) { echo $e ->getmessage (); } } function selectdb ( $whichdb , $db ){ try { if (!mysql_select_db ( $whichdb , $db )){ throw new exception ( "Sorry, database could not be opened." ); } } catch (exception $e ) { echo $e ->getmessage(); } } function closedatabase ( $db ){ mysql_close ( $db ); } $db = opendatabase ( "localhost" , "root" , "" ); selectdb ( "mydatabase" , $db ); $_POST [ 'user' ] = "myname" ; $_POST [ 'pass' ] = "mypassword" ; function validatelogin ( $user , $pass ){ mysql_real_escape_string ( $user ); mysql_real_escape_string ( $pass ); $thequery = "SELECT * FROM userlogin WHERE username='$user' AND password='$pass'" ; if ( $aquery = mysql_query ( $thequery )){ if (mysql_num_rows ( $aquery ) > 0){ return true; } else { return false; } } else { echo mysql_error(); } //开源代码phpfensi测试数据 } if (validatelogin ( $_POST [ 'user' ], $_POST [ 'pass' ])){ echo "You have successfully logged in." ; } else { echo "Sorry, you have an incorrect username and/or password." ; } closedatabase ( $db ); ?>查看更多关于php mysql_real_escape_string()函数 - php函数的详细内容...
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://www.haodehen.cn/did31104