我有这个脚本。
<?php
session_start();
if (!isset($_POST['text']) || $_POST['text'] == "" || strlen($_POST['text']) < 5) {
echo "error";
echo '<meta http-equiv="refresh" content="2;url=../prispevky/add.php">';
return 0;}
else $text = $_POST['text'];
if (!isset ($_SESSION['nick'])) {
echo "error";
echo '<meta http-equiv="refresh" content="2;url=../error.php">';
return 0;}
else $nick = $_SESSION['nick'];
$time = time();
$farby = array("red","blue","green", "brown", "orange", "purple", "grey", "lime", "yellow", "pink");
include_once "../inkludy/conect.php";
$new = $_POST['text'];
echo $new;
$new = mysqli_real_escape_string($_POST['text']);
echo $new;
$new = str_replace(array("\\r\\n", "\n"), "</br>", $new);
for ($i=0;$i<10;$i++){
if (preg_match ('/< .{1,10} >/', $new, $meno)){
$nove_meno = preg_replace('/(< )|( >)/', '', $meno[0]);
$new = preg_replace('/' . $meno[0] . '/', '<b style="color:' . $farby[$i] . '">>' . $nove_meno . '<</b>', $new);
}
}
try {
$query = "INSERT INTO hlasky (autor,text,onoff,time) VALUES (:nick,:new,:onoff,:time)";
$stmt = $conn->prepare($query);
$stmt->bindValue(':nick', $nick, PDO::PARAM_STR);
$stmt->bindValue(':new', $new, PDO::PARAM_STR);
$stmt->bindValue(':onoff', '1', PDO::PARAM_INT);
$stmt->bindValue(':time', $time, PDO::PARAM_INT);
$stmt->execute();}
catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();}
?>
<meta http-equiv="refresh" content="10;url=../hmenu/najn.php">
$ _ POST =“asdasd”和
$new = $_POST['text'];
echo $new;
工作正常,但回声除了
$new = mysqli_real_escape_string($_POST['text']);
echo $new;
让$ new为空。大家都认为我没有mysql连接,但我有和
INSERT INTO hlasky (autor,text,onoff,time) VALUES (:nick,:new,:onoff,:time)
也可以,但是:新的是空的 你能不能帮我解决$ new string的问题?
这是我的连接脚本包含在include_once“../ inkludy / conect.php”;
<?php
$server = "localhost";
$username = "";
$password = "";
$databaza_meno = "iz";
$dsn = "mysql:unix_socket=/tmp/mysql50.sock;dbname=$databaza_meno";
$conn = new PDO($dsn, $username, $password);
$db_spojenie = mysql_connect($server, $username, $password);
$db = mysql_select_db($databaza_meno, $db_spojenie);
mysql_query("SET NAMES utf-8");
?>
答案 0 :(得分:0)
解决方案是删除mysqli_real_escape_string并仅使用PDO,因为预处理语句提供了自动转义。
答案 1 :(得分:-4)
我认为您在调用mysqli_real_escape_string
时需要指定一个链接。我不经常使用PDO,但我相信由于你的链接$conn
在PDO中,如果你想使用以mysqli开头的任何函数,你需要使用mysqli_connect
指定一个新链接。
mysqli_real_escape_string
的文档位于:http://us2.php.net/manual/en/mysqli.real-escape-string.php