Php 将mysql_real_escape转换为it';s MySQLi等价物
我有以下代码:Php 将mysql_real_escape转换为it';s MySQLi等价物,php,mysqli,Php,Mysqli,我有以下代码: <?php @include_once('set.php'); @include_once('steamauth/steamauth.php'); if(!isset($_SESSION["steamid"])) { Header("Location: index.php"); exit; } $link = $_POST["link"]; $link = mysql_real_escape_string($link); $steam = $
<?php
@include_once('set.php');
@include_once('steamauth/steamauth.php');
if(!isset($_SESSION["steamid"])) {
Header("Location: index.php");
exit;
}
$link = $_POST["link"];
$link = mysql_real_escape_string($link);
$steam = $_SESSION["steamid"];
mysql_query("UPDATE users SET `tlink`='$link' WHERE `steamid`='$steam'");
Header("Location: settings.php");
exit;
?>
我想这就是你要找的
<?php
require_once('set.php');
require_once('steamauth/steamauth.php');
if(!isset($_SESSION["steamid"])) {
header("Location: index.php");
exit();
}
$steam = $_SESSION["steamid"];
// Open a new connection to the MySQL server
$connection = new mysqli($host, $username, $password, $databaseName);
// Check connection
if($connection->connect_errno){
// error
die('Connect Error: ' . $connection->connect_error);
}
// Escapes special characters in a string for use in an SQL statement
$link = $connection->real_escape_string($_POST["link"]);
// Execute query
$connection->query("UPDATE users SET tlink='{$link}' WHERE steamid='{$steam}'");
// Close connection
$connection->close();
header("Location: settings.php");
exit();
?>
您应该学会使用准备好的语句,而不是转义。但是你想要的是mysqli\u real\u escape\u string($conn,$link)
。让我的头严重地晃动。