对此代码的mysqli_real_escape_string（）警告

Question

查询：

if ($_SERVER["REQUEST_METHOD"]=="POST") {

    $username = mysqli_real_escape_string(trim($_POST["username"]), $db);
    $password = mysqli_real_escape_string(trim($_POST["password"]), $db);
    $password = md5($password);

    $sql = "Insert into login(username,password) values('$username','$password');";
    $result = mysqli_query($db,$sql);
    echo"Successful Registration";

    if($result) {
        echo("Successfully updated");       
    }else{
        die ("no database");
    }
}

错误：

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\test.php on line 14

Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\test.php on line 15

Warning: mysqli_query() expects parameter 1 to be mysqli, resource given in C:\xampp\htdocs\test.php on line 19

成功注册数据库

Answer 1

您的参数顺序错误，请再次阅读文档。例如：

$username = mysqli_real_escape_string(trim($_POST["username"]), $db);

应该是：

$username = mysqli_real_escape_string($db, trim($_POST["username"]));

请参阅http://php.net/mysqli_real_escape_string（程序样式）以获取正确的参数顺序。