Php mySQLI-mySQLI\u real\u escape\u字符串存在问题
我有这段代码,工作非常完美,但我想做一个简单的修改Php mySQLI-mySQLI\u real\u escape\u字符串存在问题,php,mysql,mysqli,Php,Mysql,Mysqli,我有这段代码,工作非常完美,但我想做一个简单的修改 <?php session_start(); require 'includes/f_banco1.php'; require '../PasswordHash.php'; function checkBd($sql, $db, $user, $codePass) { $user = $_GET['userid']; //here $codePass = $_GET['code'];//here if
<?php session_start();
require 'includes/f_banco1.php';
require '../PasswordHash.php';
function checkBd($sql, $db, $user, $codePass) {
$user = $_GET['userid']; //here
$codePass = $_GET['code'];//here
if(is_numeric($user)) {
($sql = $db->prepare("select userid, code from password_reset where userid=? and code=?"));
$sql->bind_param('ss', $user, $codePass);
$sql->execute();
$sql->bind_result($user, $codePass);
if ($sql->fetch()) {
$_SESSION['u_name']= sha1($user);
header("location: updatePass.php");
return true;
}
else
echo "Não existe na BD";
return false;
}
else
echo "Erro";
}
checkBd ($sql, $db, $user, $codePass);
?>
谢谢您不需要这样做。您正在使用准备好的语句,这些语句会自动转义变量。如果准备好语句,则不需要转义字符串
注意:必须打开数据库连接才能使用mysqli\u real\u escape\u string()我不需要执行scape?好消息:)@user455318:如果你没有使用预先准备好的语句,那么你需要逃逸——别忘了:)可能是重复的
$user = $_GET['userid']; //here
$codePass = $_GET['code'];//here
$user = mysqli_real_escape_string($db, $_GET['userid']);
$codePass = mysqli_real_escape_string($db, $_GET['code']);