我想在数据库中存储一些带有下载文件名称的下载计数。 这很好用:
$filename = $_GET['file'];
// in combination with
mysqli_query($link, "INSERT INTO download_manager (filename,downloads)
VALUES ('$filename',1) ON DUPLICATE KEY UPDATE downloads = downloads+ 1;");
现在我想用mysqli_real_escape_string
转义$ _GET当我这样做时,脚本不再起作用了:
$filename = mysqli_real_escape_string($_GET['file']);
// in combination with
mysqli_query($link, "INSERT INTO download_manager (filename,downloads)
VALUES ('$filename',1) ON DUPLICATE KEY UPDATE downloads = downloads+ 1;");
如何以正确的方式使用此示例中的mysqli_real_escape_string?
答案 0 :(得分:1)
来自php文档mysqli_real_escape_string程序样式
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
所以你的代码应该是
$filename = mysqli_real_escape_string($link,$_GET['file']);