我现在有一个工作岗位的表格,每当用户输入数据时我使用mysql真正的转义字符串它在mysql中插入空白数据可能是什么原因? 这是网站的代码。事情是我不能相信用户输入,这就是为什么我想使用mysql_real_escape字符串。我一直在尝试和改变代码从2小时,但没有一个给我很好的结果!
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = mysql_real_escape_string($data);
return $data;
}
$userid1 = $_SESSION['username2'];
$email= test_input($_POST['email']);
$salary= test_input($_POST['salary']);
$job_title = test_input($_POST['jtitle']);
$company = test_input($_POST['company']);
$company = mysql_real_escape_string($_POST['company']);
$location = test_input($_POST['location']);
$jobtype = test_input($_POST['jobtype']);
$description = test_input($_POST['description']);
$closingdate = test_input($_POST['closingdate']);
$application = test_input($_POST['application']);
$phone = test_input($_POST['phone']);
$company_description = test_input($_POST['company_description']);
$co_video = test_input($_POST['co_video']);
$website = test_input($_POST['website']);
$fbid = test_input($_POST['fbid']);
$twid = test_input($_POST['twid']);
function create_slug($string){
$replace = '-';
$string = strtolower($string);
//replace / and . with white space
$string = preg_replace("/[\/\.]/", " ", $string);
$string = preg_replace("/[^a-z0-9_\s-]/", "", $string);
//remove multiple dashes or whitespaces
$string = preg_replace("/[\s-]+/", " ", $string);
//convert whitespaces and underscore to $replace
$string = preg_replace("/[\s_]/", $replace, $string);
//limit the slug size
$string = substr($string, 0, 100);
//slug is generated
return $string;
}
$string = $job_title;
$slug = create_slug($string);
$query = mysqli_query($con, "SELECT * FROM `job` WHERE `url` LIKE '".$slug."%'");
$exists = mysqli_fetch_array(mysqli_query($con,"SELECT count(id) as notify FROM `job` where `url` LIKE '".$slug."%'"));
$notify = $exists['notify'];
if ($notify > 0)
{
$new_number = $notify + 1;
$newslug = $slug."-".$new_number;
$run = mysqli_query($con, "INSERT INTO `job` (`email`, `salary`, `username`, `job_title`, `company_name`, `location`, `job_type`, `description`, `phone`, `closing_date`, `application_url`, `company_description`, `video`, `website`, `fb`, `tw`, `category`, `url`) VALUES ('".$email."', '".$salary."', '".$userid1."', '".$job_title."', '".$company."', '".$location."', '".$jobtype."', '".$description."', '".$phone."', '".$closingdate."', '".$application."', '".$company_description."', '".$co_video."', '".$website."', '".$fbid."', '".$twid."', '".$lt."' , '".$newslug."')");
} else{
$run = mysqli_query($con, "INSERT INTO `job` (`email`, `salary`, `username`, `job_title`, `company_name`, `location`, `job_type`, `description`, `phone`, `closing_date`, `application_url`, `company_description`, `video`, `website`, `fb`, `tw`, `category`, `url`) VALUES ('".$email."', '".$salary."', '".$userid1."', '".$job_title."', '".$company."', '".$location."', '".$jobtype."', '".$description."', '".$phone."', '".$closingdate."', '".$application."', '".$company_description."', '".$co_video."', '".$website."', '".$fbid."', '".$twid."', '".$lt."', '".$slug."')");
答案 0 :(得分:0)
我认为你必须在mysqli_real_escape_string中使用两个参数 但首先你必须通过设置与数据库的连接来创建第一个参数,它应该像
<?php
//for setting up connection with database
$conn=mysqli_connect('yourhostname','your mysql user name','your mysql password','your database');
//than try using this parameter in mysqlirealescapestring
$data=mysqli_real_escape_string($conn,$data);
?>
我希望这可以起作用