What can I use in php instead of (mysqli_real_escape_string)
I have connected to Oracle using oci_connect, but I get this error:
Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, resource given in
So I am trying to change mysqli_real_escape_string() to use oci...
Here is my code:
$condition = '';
$query = explode(" ", $_GET["search"]);
foreach($query as $text)
{
    $condition .= "VIDEO_TITLE LIKE '%".mysqli_real_escape_string($connect, $text)."%' OR ";
}
$condition = substr($condition, 0, -4);
$sql_query = "SELECT * FROM TBL_VIDEO WHERE " . $condition;
$result = oci_parse($connect, $sql_query);
oci_execute($result);
if(oci_num_rows($result) > 0)
I use the following function. Prepared statements are definitely the preferred option for most people, but this is a good alternative:
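<?php
// Mimics mysql_real_escape_string() without needing a MySQL connection:
// backslash-escapes \, NUL, newline, carriage return, ', " and Ctrl-Z.
function mysql_escape_mimic($inp) {
    // Arrays are escaped element by element (recursively).
    if(is_array($inp))
        return array_map(__METHOD__, $inp);
    if(!empty($inp) && is_string($inp)) {
        return str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $inp);
    }
    // Empty values and non-strings are returned unchanged.
    return $inp;
}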
So you would replace this line:
$condition .= "VIDEO_TITLE LIKE '%".mysqli_real_escape_string($connect, $text)."%' OR ";
with:
$condition .= "VIDEO_TITLE LIKE '%".mysql_escape_mimic($text)."%' OR ";
I borrowed it from here: http://php.net/manual/en/function.mysql-real-escape-string.php#101248
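An added example (not part of the question, the answer, or the php.net note): the same search built with OCI8 bind variables, so the search words never become part of the SQL text. Oracle string literals do not treat a backslash as an escape character, which is why the binding approach is shown here rather than MySQL-style escaping. The helper name build_title_search and the ORA_USER / ORA_PASS / ORA_DSN environment variables are hypothetical; TBL_VIDEO and VIDEO_TITLE come from the question.

```php
<?php
// Added example: hypothetical helper, not code from the question or answer.
// Builds "VIDEO_TITLE LIKE :t0 ESCAPE '\' OR ..." plus the values to bind.
function build_title_search(string $search): array
{
    $conditions = [];
    $binds = [];
    // Split on whitespace and drop empty words (e.g. from double spaces).
    $words = preg_split('/\s+/', trim($search), -1, PREG_SPLIT_NO_EMPTY);
    foreach ($words as $i => $word) {
        $name = ':t' . $i;
        // Escape LIKE wildcards so % and _ typed by the user match literally.
        $binds[$name] = '%' . addcslashes($word, '%_\\') . '%';
        $conditions[] = "VIDEO_TITLE LIKE $name ESCAPE '\\'";
    }
    if (!$conditions) {
        return ['SELECT * FROM TBL_VIDEO WHERE 1 = 0', []]; // no words: no rows
    }
    return ['SELECT * FROM TBL_VIDEO WHERE ' . implode(' OR ', $conditions), $binds];
}

// Constructed sample input; prints the SQL text and bind values offline.
[$sql, $binds] = build_title_search("cat's 100%_free");
echo $sql, PHP_EOL;
print_r($binds);

// With a live connection (environment variable names are placeholders):
if (function_exists('oci_connect') && getenv('ORA_DSN')) {
    $connect = oci_connect(getenv('ORA_USER'), getenv('ORA_PASS'), getenv('ORA_DSN'));
    $stmt = oci_parse($connect, $sql);
    foreach ($binds as $name => $value) {
        // Bind the array element itself: oci_bind_by_name() binds by reference.
        oci_bind_by_name($stmt, $name, $binds[$name]);
    }
    oci_execute($stmt);
    // oci_num_rows() counts rows fetched so far, so fetch instead of testing it.
    while ($row = oci_fetch_assoc($stmt)) {
        echo $row['VIDEO_TITLE'], PHP_EOL;
    }
}
```

The SQL text contains only the fixed column name and generated placeholder names, so a quote in the search input (as in the constructed sample) is passed to Oracle as data.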