我正在使用PHP real_escape_string对我的sql语句进行整理,但是在脚本加载时遇到致命错误:
可捕获的致命错误:类mysqli_result的对象无法转换为字符串....
在线:$query.=", EMGNAME='" . $db->real_escape_string($_POST["emgname"])
$db = new mysqli("XXX","YYY","ZZZZ", "DDDD");
/* check connection */
if ($db->connect_error) {
trigger_error('Database connection failed: ' . $db->connect_error, E_USER_ERROR);
}
if ($_POST['toedit']=="profile")
{
$query="UPDATE STUDENTS SET ";
$query.="SEMAIL='" . $db->real_escape_string($_POST["email"]) . "'";
// $query.=", NATIONALITY='" . $db->real_escape_string($_POST["nationality"]). "'";
$query.=", ADDRESS1='" . $db->real_escape_string($_POST["address1"]). "'";
if (empty($_POST["ADDRESS2"]))
{
$query.=", ADDRESS2=NULL";
}
else
{
$query.=", ADDRESS2='" . $db->real_escape_string($_POST["address2"]) . "'";
}
$query.=", CITY='" . $db->real_escape_string($_POST["city"]) . "'";
if (empty($_POST["STATE"]))
{
$query.=", STATE=NULL";
}
else
{
$query.=", STATE='" . $db->real_escape_string($_POST["state"]) . "'";
}
if (empty($_POST["postal"]))
{
$query.=", POSTAL=NULL";
}
else
{
$query.=", POSTAL='" . $db->real_escape_string($_POST["postal"]) . "'";
}
$query.=", COUNTRY='" . $db->real_escape_string($_POST["country"]) . "'";
$query.=", SPHONE='" . $db->real_escape_string($_POST["sphone"]) . "'";
}//profile tab
else if ($_POST['toedit']=="emergency")
{
if (empty($_POST["emgname"]))
{
$query.="EMGNAME=NULL";
}
else
{
$query.=", EMGNAME='" . $db->real_escape_string($_POST["emgname"]) . "'";
}
if (empty($_POST["emgphone"]))
{
$query.=", EMGPHONE=NULL";
}
else
{
$query.=", EMGPHONE='" . $db->real_escape_string($_POST["emgphone"]) . "'";
}
我通过ajax调用脚本来仅更新正在使用的选项卡,因此表单不会传递'emgname',但似乎PHP想要尝试执行real_escape_string,即使它在if语句中。 目前,选项卡调用一个脚本来更新要编辑的内容(否则为if($ _POST ['toedit'])) - 但似乎php迫使我进入每个选项卡的不同脚本?
答案 0 :(得分:-1)
问题是我使用Jquery选项卡来加载每个表单。提交表单时,它传递的是NULL值,real_escape_string无法处理。