การใช้ real_escape_string function เพื่อป้องกัน SQL Injection ในการรับ INPUT

mysqli_real_escape_string() / mysqli::real_escape_string() ใช้เพื่อใส่อักขระหลีก (escape) หน้าอักขระพิเศษในสตริง ก่อนนำสตริงนั้นไปต่อเข้ากับคำสั่ง SQL โดยอ้างอิง character set ของการเชื่อมต่อปัจจุบัน (จึงควรตั้ง charset ผ่าน mysqli_set_charset() ไม่ใช่ผ่านคำสั่ง SET NAMES) ฟังก์ชันนี้ไม่ได้ "ตัด" อักขระทิ้ง และป้องกันได้เฉพาะค่าที่ถูกครอบด้วยเครื่องหมายคำพูดเดี่ยวใน SQL เท่านั้น ใช้กับตัวเลขที่ไม่มีเครื่องหมายคำพูด ชื่อตาราง/คอลัมน์ หรือส่วน ORDER BY ไม่ได้ สำหรับค่าที่มาจากผู้ใช้ วิธีที่แนะนำคือ prepared statement (mysqli::prepare / bind_param) แทนการต่อสตริง

การเขียนในรูปแบบ : Object oriented style (mysqli::escape_string เป็นชื่อเรียกแทน (alias) ของ mysqli::real_escape_string ทำงานเหมือนกันทุกประการ)

string mysqli::escape_string ( string $escapestr )
string mysqli::real_escape_string ( string $escapestr )

การเขียนในรูปแบบ : Procedural style

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

—————————————————————————-

อักขระที่จะถูกใส่อักขระหลีก (escape) ได้แก่ NUL (ASCII 0), \n, \r, \, ', " และ Control-Z (ASCII 26) ส่วน % และ _ จะไม่ถูก escape จึงต้องจัดการเพิ่มเองหากนำค่าไปใช้ในเงื่อนไข LIKE

ตัวอย่างรูปแบบ : Object oriented style

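<?php
declare(strict_types=1);

/*
 * Object-oriented example: escape a value before interpolating it into
 * an SQL string literal.
 *
 * The credentials are hard-coded only because this is a tutorial
 * listing; real code should load them from configuration, never from
 * source control.
 */
$mysqli = new mysqli("localhost", "user1", "bsru", "hr");

/* check connection (PHP >= 8.1 mysqli throws on connect failure by
 * default; the explicit check keeps the example working under the
 * older, non-throwing error mode) */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

/* real_escape_string() escapes according to the connection character
 * set, so the charset must be set through the API (not with a raw
 * "SET NAMES" query) for the escaping to match what the server sees. */
if (!$mysqli->set_charset("utf8mb4")) {
    printf("Error loading character set utf8mb4: %s\n", $mysqli->error);
    exit();
}

$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");

/* Use a value that contains an apostrophe. A plain value such as
 * "bangkok" has nothing to escape, so both INSERTs below would succeed
 * and the example would demonstrate no difference at all. */
$city = "bang'kok";

/* this query will fail, because the unescaped apostrophe in $city
 * terminates the SQL string literal early */
if (!$mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", $mysqli->sqlstate);
}

$city = $mysqli->real_escape_string($city);

/* this query with escaped $city will work. The value must still be
 * wrapped in single quotes: real_escape_string() only protects a quoted
 * string literal, never an unquoted number, identifier or ORDER BY.
 * For untrusted input prefer a prepared statement instead:
 *   $stmt = $mysqli->prepare("INSERT INTO myCity (Name) VALUES (?)");
 *   $stmt->bind_param("s", $city);
 *   $stmt->execute(); */
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", $mysqli->affected_rows);
}

$mysqli->close();
?>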

 

ตัวอย่างรูปแบบ : procedural style

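<?php
declare(strict_types=1);

/*
 * Procedural example: escape a value before interpolating it into an
 * SQL string literal.
 *
 * The credentials are hard-coded only because this is a tutorial
 * listing; real code should load them from configuration, never from
 * source control.
 */
$link = mysqli_connect("localhost", "user1", "buru", "hr");

/* check connection (PHP >= 8.1 mysqli throws on connect failure by
 * default; the explicit check keeps the example working under the
 * older, non-throwing error mode) */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

/* mysqli_real_escape_string() escapes according to the connection
 * character set, so the charset must be set through the API (not with
 * a raw "SET NAMES" query) for the escaping to match what the server
 * sees. */
if (!mysqli_set_charset($link, "utf8mb4")) {
    printf("Error loading character set utf8mb4: %s\n", mysqli_error($link));
    exit();
}

mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");

/* Use a value that contains an apostrophe. A plain value such as
 * "bangkok" has nothing to escape, so both INSERTs below would succeed
 * and the example would demonstrate no difference at all. */
$city = "bang'kok";

/* this query will fail, because the unescaped apostrophe in $city
 * terminates the SQL string literal early */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("Error: %s\n", mysqli_sqlstate($link));
}

$city = mysqli_real_escape_string($link, $city);

/* this query with escaped $city will work. The value must still be
 * wrapped in single quotes: mysqli_real_escape_string() only protects a
 * quoted string literal, never an unquoted number, identifier or
 * ORDER BY. For untrusted input prefer a prepared statement instead:
 *   $stmt = mysqli_prepare($link, "INSERT INTO myCity (Name) VALUES (?)");
 *   mysqli_stmt_bind_param($stmt, "s", $city);
 *   mysqli_stmt_execute($stmt); */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
    printf("%d Row inserted.\n", mysqli_affected_rows($link));
}

mysqli_close($link);
?>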