mysql教程_real_escape_string() 函數轉義 SQL 語句中使用的字符串中的特殊字符。
下列字符受影響:
x00
n
r
'
"
x1a
如果成功,則該函數返回被轉義的字符串。如果失敗,則返回 false。
語法
mysql_real_escape_string(string,connection)參數 描述
string 必需。規定要轉義的字符串。
connection 可選。規定 MySQL 連接。如果未規定,則使用上一個連接。
實例
<?php教程
function opendatabase ($host,$user,$pass) {
try {
if ($db = mysql_connect ($host,$user,$pass)){
return $db;
} else {
throw new exception ("Sorry, could not connect to mysql.");
}
} catch (exception $e) {
echo $e->getmessage ();
}
}
function selectdb ($whichdb, $db){
try {
if (!mysql_select_db ($whichdb,$db)){
throw new exception ("Sorry, database could not be opened.");
}
} catch (exception $e) {
echo $e->getmessage();
}
}
function closedatabase ($db){
mysql_close ($db);
}
$db = opendatabase ("localhost","root","");
selectdb ("mydatabase",$db);
$_POST['user'] = "myname";
$_POST['pass'] = "mypassword";
function validatelogin ($user,$pass){
mysql_real_escape_string ($user);
mysql_real_escape_string ($pass);
$thequery = "SELECT * FROM userlogin WHERE username='$user' AND password='$pass'";
if ($aquery = mysql_query ($thequery)){
if (mysql_num_rows ($aquery) > 0){
return true;
} else {
return false;
}
} else {
echo mysql_error();
}
}
if (validatelogin ($_POST['user'],$_POST['pass'])){
echo "You have successfully logged in.";
} else {
echo "Sorry, you have an incorrect username and/or password.";
}
closedatabase ($db);
?>