mysqli_real_escape_string() / mysqli::real_escape_string ใช้เพื่อ escape อักขระพิเศษในสตริงก่อนนำไปใช้ในคำสั่ง SQL
การเขียนในรูปแบบ : Object oriented style
string mysqli::escape_string ( string $escapestr )
string mysqli::real_escape_string ( string $escapestr )
การเขียนในรูปแบบ : Procedural style
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
—————————————————————————-
อักขระที่จะถูก escape ได้แก่ NUL (ASCII 0), \n, \r, \, ', " และ Control-Z
ตัวอย่างรูปแบบ : Object oriented style
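<?php
/*
 * Demo: escaping a string value for use inside a quoted SQL literal with
 * mysqli::real_escape_string (object-oriented style).
 *
 * real_escape_string only protects a value that is placed between single
 * quotes in the statement, and it escapes according to the connection
 * character set, so the charset is set on the connection before escaping.
 * For new code, prefer a prepared statement ($mysqli->prepare() with
 * bind_param()), which needs no manual escaping at all.
 */
$mysqli = new mysqli("localhost", "user1", "bsru", "hr");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

/* escaping is charset-dependent: make the connection charset explicit so
   the escaped bytes match what the server will parse */
if (!$mysqli->set_charset("utf8mb4")) {
    printf("Error setting charset: %s\n", $mysqli->error);
}

/* the demo table must exist, otherwise both inserts below fail for an
   unrelated reason and the example proves nothing */
if (!$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City")) {
    printf("Error: %s\n", $mysqli->error);
    $mysqli->close();
    exit();
}

$city = "bangkok";

/* unescaped value interpolated into the SQL: this happens to work for a
   plain word such as "bangkok", but a value containing a quote would break
   the statement (or change its meaning) - never build SQL this way */
if (!$mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", $mysqli->sqlstate);
}

$city = $mysqli->real_escape_string($city);

/* the same insert with the escaped $city is safe for any string content */
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", $mysqli->affected_rows);
}

$mysqli->close();
?>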
ตัวอย่างรูปแบบ : Procedural style
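<?php
/*
 * Demo: escaping a string value for use inside a quoted SQL literal with
 * mysqli_real_escape_string (procedural style).
 *
 * mysqli_real_escape_string only protects a value that is placed between
 * single quotes in the statement, and it escapes according to the
 * connection character set, so the charset is set on the connection before
 * escaping. For new code, prefer a prepared statement (mysqli_prepare()
 * with mysqli_stmt_bind_param()), which needs no manual escaping at all.
 */
$link = mysqli_connect("localhost", "user1", "buru", "hr");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

/* escaping is charset-dependent: make the connection charset explicit so
   the escaped bytes match what the server will parse */
if (!mysqli_set_charset($link, "utf8mb4")) {
    printf("Error setting charset: %s\n", mysqli_error($link));
}

/* the demo table must exist, otherwise both inserts below fail for an
   unrelated reason and the example proves nothing */
if (!mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City")) {
    printf("Error: %s\n", mysqli_error($link));
    mysqli_close($link);
    exit();
}

$city = "bangkok";

/* unescaped value interpolated into the SQL: this happens to work for a
   plain word such as "bangkok", but a value containing a quote would break
   the statement (or change its meaning) - never build SQL this way */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", mysqli_sqlstate($link));
}

$city = mysqli_real_escape_string($link, $city);

/* the same insert with the escaped $city is safe for any string content */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", mysqli_affected_rows($link));
}

mysqli_close($link);
?>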