我是php新手...
我有与php代码相关的问题!
哪个是对的? 1. $ con-> real_escape_string(...); 要么 2. mysqli_real_escape_string(...);
两者的作用相同吗?
“ $ con-> real_escape_string”和“ mysqli_real_escape_string($ con)”之间有什么区别?
解释:-
//In dbcon.php
<?php
$con = mysqli_connect("localhost", "root", "", "hello");
if ($con == false) {
echo "DB ERROR!";
}
?>
//In index.php
<form class="form-group" autocomplete="off" action="dat.php" method="post">
<input type="text" name="data1" value="">
<input type="text" name="data2" value="">
<input type="submit" name="submit" value="ok">
</form>
<?php
include('dbcon.php');
if (isset($_POST['submit'])) {
$data1 = $con->real_escape_string($_POST['data1']);
//what is difference between "$con->real_escape_string" and "mysqli_real_escape_string($con)"
$data2 = mysqli_real_escape_string($con,$_POST['data2']);
$sql = mysqli_query($con,"INSERT INTO `data`(`data1`, `data2`) values ('$data1', '$data2')");
}
?>