我有这个简单的PHP脚本:
// $_POST["sql"] = "INSERT INTO ..."
$pol = @new mysqli($servername, $username, $password, $db);
if(isset($_POST["sql"])){
$sql = $_POST["sql"];
$sql = mysqli_real_escape_string($pol, htmlentities($sql, ENT_QUOTES, "UTF-8"));
echo $sql;
$result = $pol->query($sql);
echo $result;
}
由于某种原因,除非我删除具有htmlentities功能的行,否则它不起作用。有谁知道为什么会这样?