我需要使用bind_param来逃避数据注入。当我使用bind_param时,特殊字符如€或ب在mysql中保存为ØμØ°Ù,.
1 - 我确定mysql表设置正确。
2 - 我已将字处理器的编码更改为UTF8。
3 - 我在所有地方都包含了许多utf8字符集。
有任何想法如何解决这个问题?或者我应该开始使用其他方法,如mysqli_real_escape_string?
($ _ POST [“post_word”]在单独的页面中生成)
$connect = mysqli_connect("r"," r","r","r"); //not real data here
$connect->set_charset('utf8');
$connect->query("SET NAMES utf8");
$querye= mysql_query("SET NAMES utf8");
mysqli_query($connect,"INSERT INTO wordtable ( wdate) VALUES (CURRENT_TIMESTAMP())");
$sqlz = "SELECT wid FROM wordtable ORDER BY wdate DESC LIMIT 1";
$resultz = mysql_query($sqlz);
$rowz = mysql_fetch_array($resultz);
$wid=$rowz['wid'];
$mysqli = new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB);
$connect->set_charset('utf8');
$unsafe_variable = $_POST["post_word"];
$stmt = $mysqli->prepare("UPDATE wordtable SET word=(?)
WHERE wid='$wid' ");
$stmt->bind_param("s", $unsafe_variable);
$stmt->execute();
$stmt->close();
$mysqli->close();
答案 0 :(得分:0)
它可能是
$querye= mysql_query("SET NAMES utf8");
你在这里查询MySQL