Possible Duplicate:
mysql_escape_string VS mysql_real_escape_string
我需要将 company_name(由用户通过表单提供)输入到我的 mysql 数据库中。
当我使用
$company = mysqli_real_escape_string($_POST['company_name'])
我得到一个错误
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in /opt/lampp/htdocs/Abacus-Version-2/admin/Company/insert_company.php on line 58
但使用时一切似乎都很好
$company = mysql_real_escape_string($_POST['company_name'])
遇到这种情况我该怎么办?
使用哪个取决于您使用的是 MySQLi
扩展还是 MySQL
扩展
// procedural mysqli
$db = new mysqli;
$sql = sprintf("INSERT INTO table (id,name,email,comment) VALUES (NULL,'%s','%s','%s')",
mysqli_real_escape_string($db,$name),
mysqli_real_escape_string($db,$email),
mysqli_real_escape_string($db,$comment) );
// mysql
$conn = mysql_connect();
$sql = sprintf("INSERT INTO table (id,name,email,comment) VALUES (NULL,'%s','%s','%s')",
mysql_real_escape_string($name,$conn),
mysql_real_escape_string($email,$conn),
mysql_real_escape_string($comment,$conn) );