我试图将一个文件插入到表中,但是后面的代码出现了以下错误:
警告:mysqli_real_escape_string()需要2个参数,1个给定
这是我的PHP代码:
<?php
if(isset($_FILES['uploaded_file'])) {
// Make sure the file was sent without errors
if($_FILES['uploaded_file']['error'] == 0) {
$sql_connection = mysql_connect("localhost", "teste", "localhost");
mysql_select_db("skande5_form", $sql_connection);
$nameFile = mysqli_real_escape_string($_FILES['uploaded_file']['name']);
$mime = mysqli_real_escape_string($_FILES['uploaded_file']['type']);
$size = mysqli_real_escape_string($_FILES['uploaded_file']['size']);
$data = mysqli_real_escape_string(file_get_contents($_FILES ['uploaded_file']['tmp_name']));
有谁知道如何解决这个问题?
答案 0 :(得分:2)
这是因为您混合了mysql_*和mysqli_函数,mysql的正确语法是mysql_real_escape_string
mysql_select_db和mysql_connect - &gt; MySQL的
mysqli_real_escape_string - &gt; mysqli的
我建议使用mysqli并使用准备好的语句来查看mysql注入的任何风险,请查看How can I prevent SQL injection in PHP?。