我目前在使用mysql_real_escape_string和ctype_alnum时遇到问题,这是我的代码:
<?php
if (isset($_GET['u'])) {
$username = mysqli_real_escape_string($_GET['u']);
echo $username;
if (ctype_alnum($username)) {
//check user exists
$check = mysqli_query($conn,"SELECT username, first_name FROM users2 WHERE username='$username'");
if (mysqli_num_rows($check)===1) {
$get = mysqli_fetch_assoc($check);
$username = $get['username'];
$firstname = $get['first_name'];
}
else
{
echo "<meta http-equiv=\"refresh\" content=\"0; url=/index.php\">";
exit();
}
}
}
?>
每当我尝试输出$ username时,它都不会显示任何内容,我使用此代码访问profile.php等页面?u = rahulkapoor
答案 0 :(得分:0)
mysqli_real_escape_string需要连接作为第一个参数:
$username = mysqli_real_escape_string($conn,$_GET['u']);