mysql_real_escape_string and array_map returns blank strings?

女生的网名这么多〃 提交于 2019-12-20 03:29:12

问题


I haven't yet learned how to use parameterized queries (which according to some other posts on this site is something that I absolutely need to do first thing tomorrow morning) and I want to get a whack of form data into a query, escaped.

Twice, I have come across this solution:

$_POST = array_map('mysqli_real_escape_string', $_POST);

This, from what I can tell, runs all of the variables in the $_POST array through the escape function. I have seen that exact line upvoted, but when I add it to my existing PHP it creates a bunch of blank values.

I was under the impression that mysqli_real_escape_string needed a 2nd parameter - the link/connection. Is this what's causing my problem? The data takes just fine in the database if that line is removed and my variables take their unescaped values from $_POST.


回答1:


array_map returns new array, if you're overwriting $_POST, better solution would be to use array_walk.

array_walk($_POST, function(&$string) use ($link) { 
  $string = mysqli_real_escape_string($link, $string);
});

Note that $link must be valid connection.

Function [ <internal:mysqli> function mysqli_real_escape_string ] {

  - Parameters [2] {
    Parameter #0 [ <required> $link ]
    Parameter #1 [ <required> $string_to_escape ]
  }
}



回答2:


You must pass values ​​escaped to another variable:

$post = array_map('mysqli_real_escape_string', $_POST);

Or:

foreach($_POST as $k => $v) {
    $_POST[$k] = mysqli_real_escape_string($v);
}

Note: Unless the array is referenced, foreach operates on a copy of the specified array and not the array itself.




回答3:


Then yes this is your answer:

mysql_real_escape_string() requires a connection to the database as it uses the database's character set to determine what is needed to be escaped.
Without this, PHP has no idea what char set you're using and so what to escape.

There are many:
http://dev.mysql.com/doc/refman/5.0/en/charset-unicode-sets.html
And all with different chars.



来源:https://stackoverflow.com/questions/18625737/mysql-real-escape-string-and-array-map-returns-blank-strings

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!