我有以下PHP函数:mysqli_real_escape_string()不正常
public function signup() { $mysql = mysqli_connect(HOSTNAME, USERNAME, PASSWORD, DATABASE); if (mysqli_connect_errno($mysql)) { $this->viewModel->set("pageTitle", "Signup"); $this->viewModel->set("message", "There was an error connecting to the server."); return $this->viewModel; } if ($result = $mysql->query("SELECT id FROM mailinglist WHERE email='" . $this->email . "';")) { if ($result->num_rows == 0) { $mysql->query("INSERT INTO mailinglist (email) VALUES ('" . $this->email . "');"); $this->viewModel->set("message", "Great! Thanks for signing up " . $this->email . "."); } else { $this->viewModel->set("message", "You are already signed up for updates!"); } } else { $this->viewModel->set("message", "There was an error adding you the mailing list."); } $this->viewModel->set("pageTitle", "Signup"); return $this->viewModel; }
然而,运行良好,准确地返回我想要的东西,如果我尝试使用mysqli_real_escape_string()我提出的质疑,它不起作用。即,以下代码
public function signup() { $mysql = mysqli_connect(HOSTNAME, USERNAME, PASSWORD, DATABASE); if (mysqli_connect_errno($mysql)) { $this->viewModel->set("pageTitle", "Signup"); $this->viewModel->set("message", "There was an error connecting to the server."); return $this->viewModel; } $query = $mysql->real_escape_string("SELECT id FROM mailinglist WHERE email='" . $this->email . "';"); if ($result = $mysql->query($query)) { if ($result->num_rows == 0) { $query = $mysql->real_escape_string("INSERT INTO mailinglist (email) VALUES ('" . $this->email . "');"); $mysql->query($query); $this->viewModel->set("message", "Great! Thanks for signing up " . $this->email . "."); } else { $this->viewModel->set("message", "You are already signed up for updates!"); } } else { $this->viewModel->set("message", "There was an error adding you the mailing list."); } $this->viewModel->set("pageTitle", "Signup"); return $this->viewModel; }
不起作用。这不是连接问题,我尝试使用mysqli_real_escape_string()而不是$ mysql-> real_escape_string(),但它们都不起作用。任何人都可以看到这段代码有什么问题吗?
'real_escape_string'查询中使用逃逸数据;它不会奇迹般地呈现您已经将任意输入引入安全的查询。但是它的作用并不重要,因为你使用的是MySQLi,你可以使用并应该使用准备好的语句。 – Ryan
是否有任何PHP错误? – Machavity