<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >mysqli_real_escape_string</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="PHP Manual" HREF="index.html"><LINK REL="UP" TITLE="MySQLi Extension" HREF="ref.mysqli.html"><LINK REL="PREVIOUS" TITLE="mysqli_real_connect" HREF="function.mysqli-real-connect.html"><LINK REL="NEXT" TITLE="mysqli_real_query" HREF="function.mysqli-real-query.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=UTF-8"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >PHP Manual</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="function.mysqli-real-connect.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="function.mysqli-real-query.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV >
<H1 ><A NAME="function.mysqli-real-escape-string" ></A >mysqli_real_escape_string</H1 >
<DIV CLASS="refnamediv" ><A NAME="AEN140872" ></A ><P >mysqli_real_escape_string (PHP 5)</P ><P >mysqli->real_escape_string() (no version information, might be only in CVS)</P ><P >Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection</P ></DIV >
<DIV CLASS="refsect1" ><A NAME="AEN140876" ></A ><H2 >Description</H2 ><P >Procedural style:</P >string <B CLASS="methodname" >mysqli_real_escape_string</B > ( mysqli link, string escapestr )<BR ></BR ><P >Object oriented style (both methods are equivalent):</P >class <B CLASS="classname" >mysqli</B > { <BR ></BR >string <B CLASS="methodname" >escape_string</B > ( string escapestr )<BR ></BR >string <B CLASS="methodname" >real_escape_string</B > ( string escapestr )<BR ></BR >}<P > This function creates a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection. </P ></DIV >
<DIV CLASS="refsect1" ><A NAME="AEN140905" ></A ><H2 >Parameters</H2 ><DIV CLASS="variablelist" ><DL ><DT ><CODE CLASS="parameter" >link</CODE ></DT ><DD ><P >Procedural style only: a link identifier returned by <A HREF="function.mysqli-connect.html" ><B CLASS="function" >mysqli_connect()</B ></A > or <A HREF="function.mysqli-init.html" ><B CLASS="function" >mysqli_init()</B ></A >. </P ></DD ><DT ><CODE CLASS="parameter" >escapestr</CODE ></DT ><DD ><P > The string to be escaped. </P ><P > Characters encoded are <TT CLASS="literal" >NUL (ASCII 0), \n, \r, \, ', ", and Control-Z</TT >. </P ></DD ></DL ></DIV ></DIV >
<DIV CLASS="refsect1" ><A NAME="AEN140923" ></A ><H2 >Return Values</H2 ><P > Returns an escaped string. </P ></DIV >
<DIV CLASS="refsect1" ><A NAME="AEN140926" ></A ><H2 >Examples</H2 ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN140928" ></A ><P ><B >Example 1.
Object oriented style</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB"><?php<br />$mysqli </font><font color="#007700">= new </font><font color="#0000BB">mysqli</font><font color="#007700">(</font><font color="#DD0000">"localhost"</font><font color="#007700">, </font><font color="#DD0000">"my_user"</font><font color="#007700">, </font><font color="#DD0000">"my_password"</font><font color="#007700">, </font><font color="#DD0000">"world"</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* check connection */<br /></font><font color="#007700">if (</font><font color="#0000BB">mysqli_connect_errno</font><font color="#007700">()) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Connect failed: %s\n"</font><font color="#007700">, </font><font color="#0000BB">mysqli_connect_error</font><font color="#007700">());<br /> exit();<br />}<br /><br /></font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">query</font><font color="#007700">(</font><font color="#DD0000">"CREATE TEMPORARY TABLE myCity LIKE City"</font><font color="#007700">);<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#DD0000">"'s Hertogenbosch"</font><font color="#007700">;<br /><br /></font><font color="#FF8000">/* this query will fail, because we didn't escape $city */<br /></font><font color="#007700">if (!</font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">query</font><font color="#007700">(</font><font color="#DD0000">"INSERT into myCity (Name) VALUES ('$city')"</font><font color="#007700">)) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Error: %s\n"</font><font color="#007700">, </font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font
color="#0000BB">sqlstate</font><font color="#007700">);<br />}<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">real_escape_string</font><font color="#007700">(</font><font color="#0000BB">$city</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* this query with escaped $city will work */<br /></font><font color="#007700">if (</font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">query</font><font color="#007700">(</font><font color="#DD0000">"INSERT into myCity (Name) VALUES ('$city')"</font><font color="#007700">)) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"%d Row inserted.\n"</font><font color="#007700">, </font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">affected_rows</font><font color="#007700">);<br />}<br /><br /></font><font color="#0000BB">$mysqli</font><font color="#007700">-></font><font color="#0000BB">close</font><font color="#007700">();<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN140931" ></A ><P ><B >Example 2.
Procedural style</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB"><?php<br />$link </font><font color="#007700">= </font><font color="#0000BB">mysqli_connect</font><font color="#007700">(</font><font color="#DD0000">"localhost"</font><font color="#007700">, </font><font color="#DD0000">"my_user"</font><font color="#007700">, </font><font color="#DD0000">"my_password"</font><font color="#007700">, </font><font color="#DD0000">"world"</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* check connection */<br /></font><font color="#007700">if (</font><font color="#0000BB">mysqli_connect_errno</font><font color="#007700">()) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Connect failed: %s\n"</font><font color="#007700">, </font><font color="#0000BB">mysqli_connect_error</font><font color="#007700">());<br /> exit();<br />}<br /><br /></font><font color="#0000BB">mysqli_query</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#DD0000">"CREATE TEMPORARY TABLE myCity LIKE City"</font><font color="#007700">);<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#DD0000">"'s Hertogenbosch"</font><font color="#007700">;<br /><br /></font><font color="#FF8000">/* this query will fail, because we didn't escape $city */<br /></font><font color="#007700">if (!</font><font color="#0000BB">mysqli_query</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#DD0000">"INSERT into myCity (Name) VALUES ('$city')"</font><font color="#007700">)) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"Error: %s\n"</font><font color="#007700">, </font><font color="#0000BB">mysqli_sqlstate</font><font color="#007700">(</font><font
color="#0000BB">$link</font><font color="#007700">));<br />}<br /><br /></font><font color="#0000BB">$city </font><font color="#007700">= </font><font color="#0000BB">mysqli_real_escape_string</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#0000BB">$city</font><font color="#007700">);<br /><br /></font><font color="#FF8000">/* this query with escaped $city will work */<br /></font><font color="#007700">if (</font><font color="#0000BB">mysqli_query</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">, </font><font color="#DD0000">"INSERT into myCity (Name) VALUES ('$city')"</font><font color="#007700">)) {<br /> </font><font color="#0000BB">printf</font><font color="#007700">(</font><font color="#DD0000">"%d Row inserted.\n"</font><font color="#007700">, </font><font color="#0000BB">mysqli_affected_rows</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">));<br />}<br /><br /></font><font color="#0000BB">mysqli_close</font><font color="#007700">(</font><font color="#0000BB">$link</font><font color="#007700">);<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE ><P >The above examples will output:</P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><PRE CLASS="screen" >Error: 42000
1 Row inserted.</PRE ></TD ></TR ></TABLE ></DIV >
<DIV CLASS="refsect1" ><A NAME="AEN140936" ></A ><H2 >See Also</H2 ><TABLE BORDER="0" ><TBODY ><TR ><TD ><A HREF="function.mysqli-character-set-name.html" ><B CLASS="function" >mysqli_character_set_name()</B ></A ></TD ></TR ></TBODY ></TABLE ></DIV >
<DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="function.mysqli-real-connect.html" ACCESSKEY="P" >Prev</A ></TD ><TD
WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="function.mysqli-real-query.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >mysqli_real_connect</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ref.mysqli.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >mysqli_real_query</TD ></TR ></TABLE ></DIV ></BODY ></HTML >
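An added example, not part of the manual page, showing the two checks a practitioner wants around real_escape_string(): that the client library knows the connection charset the escaping is computed for, and that the escaped value only ends up inside a quoted literal. It assumes the same connection credentials and City table as the manual's examples, and a server that accepts the utf8 charset name.

```php
<?php
/* Added example (not from the PHP manual page). Assumes the same
 * credentials and the City table used in the manual's examples. */
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

/* Tell the client library which charset the connection uses.
 * real_escape_string() escapes according to this setting, so set it
 * here with set_charset(), not with a "SET NAMES" query, which the
 * client library never sees. */
$mysqli->set_charset("utf8");
printf("Escaping for charset: %s\n", $mysqli->character_set_name());

$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");

/* Constructed input containing several of the characters the manual
 * lists as encoded: a quote, a backslash and a newline. */
$city = "O'Brien\\ville\nline2";

/* The escaped value is only safe when it is placed inside a quoted
 * string literal; escaping does nothing for unquoted numbers or for
 * identifiers such as table or column names. */
$escaped = $mysqli->real_escape_string($city);
printf("Escaped: %s\n", $escaped);
if ($mysqli->query("INSERT INTO myCity (Name) VALUES ('$escaped')")) {
    printf("%d row inserted.\n", $mysqli->affected_rows);
}

/* Equivalent insert with a prepared statement: the value travels
 * separately from the SQL text, so no escaping is needed at all. */
$stmt = $mysqli->prepare("INSERT INTO myCity (Name) VALUES (?)");
$stmt->bind_param("s", $city);
$stmt->execute();
printf("%d row inserted via prepared statement.\n", $stmt->affected_rows);
$stmt->close();

$mysqli->close();
?>
```

Both inserts store the same original value; the escaped form exists only on the wire inside the quoted SQL literal.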