我有以下config.php文件
<?php
$hostname="localhost";
$user="root";
$database="loginpanel";
$password="";
$conn = new PDO("mysql:host=$hostname;dbname=$database", $user, $password);
try
{
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
#echo "Connected successfully";
}
catch(PDOException $e)
{
echo "Connection failed: " . $e->getMessage();
}
?>
现在我试图在所有POST参数上实现mysqli_real_escape_string函数,但它无效。
我已经尝试过两种方式 -
$name = mysqli_real_escape_string($_POST['name']);
$name = mysqli_real_escape_string($conn, $_POST['name']);
但是如果我删除了这个功能,它们都没有工作,数据插入很好。
这是插入查询 -
//Insert Query with PDO Prepared Statements
$sql = "INSERT INTO login (name) VALUES (?)";
$stmt = $conn->prepare($sql);
$stmt->execute(array($name));
$success = "Added";