<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>mysqli_real_escape_string</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="PHP 手册"
HREF="index.html"><LINK
REL="UP"
TITLE="MySQLi 扩展库"
HREF="ref.mysqli.html"><LINK
REL="PREVIOUS"
TITLE="mysqli_real_connect"
HREF="function.mysqli-real-connect.html"><LINK
REL="NEXT"
TITLE="mysqli_real_query"
HREF="function.mysqli-real-query.html"><META
HTTP-EQUIV="Content-type"
CONTENT="text/html; charset=UTF-8"></HEAD
><BODY
CLASS="refentry"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="function.mysqli-real-escape-string"
></A
>mysqli_real_escape_string</H1
><DIV
CLASS="refnamediv"
><A
NAME="AEN140872"
></A
><P
>    (PHP 5)</P
>mysqli_real_escape_string<P
>    (no version information, might be only in CVS)</P
>mysqli-&#62;real_escape_string()&nbsp;--&nbsp;Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection</DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN140876"
></A
><H2
>说明</H2
><P
>Procedural style:</P
>string <B
CLASS="methodname"
>mysqli_real_escape_string</B
> ( mysqli link, string escapestr )<BR
></BR
><P
>Object oriented style (both methods are equivalent):</P
>class <B
CLASS="classname"
>mysqli</B
> { <BR
></BR
>string <B
CLASS="methodname"
>escape_string</B
> ( string escapestr )<BR
></BR
>string <B
CLASS="methodname"
>real_escape_string</B
> ( string escapestr )<BR
></BR
>}<P
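>&#13;   This function is used to create a legal SQL string that you can use in an
   SQL statement. The given string is encoded to an escaped SQL string,
   taking into account the current character set of the connection.
   The escaped string is only safe when it is placed inside a quoted string
   literal in the statement. The connection character set must be the one the
   server actually uses for the connection, so change it with
   mysqli_set_charset() rather than with a SET NAMES query. For values that
   come from user input, a prepared statement with bound parameters
   (mysqli_prepare() and mysqli_stmt_bind_param()) avoids building the
   statement from strings at all.
  </P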
></DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN140905"
></A
><H2
>参数</H2
><P
>&#13;   <P
></P
><DIV
CLASS="variablelist"
><DL
><DT
><CODE
CLASS="parameter"
>&#13;link</CODE
></DT
><DD
><P
>Procedural style only: A link identifier
returned by <A
HREF="function.mysqli-connect.html"
><B
CLASS="function"
>mysqli_connect()</B
></A
> or <A
HREF="function.mysqli-init.html"
><B
CLASS="function"
>mysqli_init()</B
></A
>
</P
></DD
><DT
><CODE
CLASS="parameter"
>escapestr</CODE
></DT
><DD
><P
>&#13;       The string to be escaped.
      </P
><P
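>&#13;       Characters encoded are <TT
CLASS="literal"
>NUL (ASCII 0), \n, \r, \, ', ", and
       Control-Z</TT
>. The characters <TT
CLASS="literal"
>%</TT
> and <TT
CLASS="literal"
>_</TT
> are not encoded, so they keep their wildcard meaning if the
       escaped string is used in a LIKE pattern.
      </P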
></DD
></DL
></DIV
>
  </P
></DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN140923"
></A
><H2
>返回值</H2
><P
>&#13;   Returns an escaped string.
  </P
></DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN140926"
></A
><H2
>范例</H2
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
CLASS="EXAMPLE"
><TR
><TD
><DIV
CLASS="example"
><A
NAME="AEN140928"
></A
><P
><B
>例 1. Object oriented style</B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
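><!-- PHP listing for the object oriented example. The deprecated FONT
     highlighting is replaced by PRE and CODE; markup characters in the
     PHP source are entity-escaped. -->
<pre><code>&lt;?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

/* real_escape_string() escapes according to the connection character set.
   Change that character set with $mysqli-&gt;set_charset(), not with a
   SET NAMES query, so that the escaping stays in step with it. */

$mysqli-&gt;query("CREATE TEMPORARY TABLE myCity LIKE City");

$city = "'s Hertogenbosch";

/* this query will fail, because we didn't escape $city */
if (!$mysqli-&gt;query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", $mysqli-&gt;sqlstate);
}

$city = $mysqli-&gt;real_escape_string($city);

/* this query with escaped $city will work; the escaped value is only
   safe inside the quotes of a string literal, as it is here */
if ($mysqli-&gt;query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", $mysqli-&gt;affected_rows);
}

$mysqli-&gt;close();
?&gt;</code></pre></TD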
></TR
></TABLE
></DIV
></TD
></TR
></TABLE
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
CLASS="EXAMPLE"
><TR
><TD
><DIV
CLASS="example"
><A
NAME="AEN140931"
></A
><P
><B
>例 2. Procedural style</B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
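><!-- PHP listing for the procedural example. The deprecated FONT
     highlighting is replaced by PRE and CODE; markup characters in the
     PHP source are entity-escaped. -->
<pre><code>&lt;?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

/* mysqli_real_escape_string() escapes according to the connection
   character set. Change that character set with mysqli_set_charset(),
   not with a SET NAMES query, so that the escaping stays in step with it. */

mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");

$city = "'s Hertogenbosch";

/* this query will fail, because we didn't escape $city */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", mysqli_sqlstate($link));
}

$city = mysqli_real_escape_string($link, $city);

/* this query with escaped $city will work; the escaped value is only
   safe inside the quotes of a string literal, as it is here */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", mysqli_affected_rows($link));
}

mysqli_close($link);
?&gt;</code></pre></TD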
></TR
></TABLE
></DIV
></TD
></TR
></TABLE
><P
>上例将输出:</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
><PRE
CLASS="screen"
>Error: 42000
1 Row inserted.</PRE
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN140936"
></A
><H2
>参见</H2
><P
>&#13;   <P
></P
><TABLE
BORDER="0"
><TBODY
><TR
><TD
><A
HREF="function.mysqli-character-set-name.html"
><B
CLASS="function"
>mysqli_character_set_name()</B
></A
></TD
></TR
></TBODY
></TABLE
><P
></P
>
  </P
></DIV
></BODY
></HTML
>