您当前的位置：首页 > 网络编程 > php教程

php mysql_real_escape_string()函数

时间：2015-01-23 来源：西部数据作者：西部数据

mysql_real_escape_string() 函数转义 SQL 语句中使用的字符串中的特殊字符,下列字符受影响:

x00 n r ' " x1a

如果成功,则该函数返回被转义的字符串,如果失败,则返回 false.

语法:mysql_real_escape_string(string,connection)

参数描述

string 必需,规定要转义的字符串

connection 可选,规定 MySQL 连接,如果未规定,则使用上一个连接.

PHP实例代码如下:

<?php

  function opendatabase ($host,$user,$pass) {

    try {

      if ($db = mysql_connect ($host,$user,$pass)){

        return $db;

      } else {

        throw new exception ("Sorry, could not connect to mysql.");

      }

    } catch (exception $e) {

      echo $e->getmessage ();

    }

  }



  function selectdb ($whichdb, $db){

    try {

      if (!mysql_select_db ($whichdb,$db)){

        throw new exception ("Sorry, database could not be opened.");

      }

    } catch (exception $e) {

      echo $e->getmessage();

    }

  }

  function closedatabase ($db){

    mysql_close ($db);

  }

  $db = opendatabase ("localhost","root","");

  selectdb ("mydatabase",$db);

  $_POST['user'] = "myname";

  $_POST['pass'] = "mypassword";



  function validatelogin ($user,$pass){

    mysql_real_escape_string ($user);

    mysql_real_escape_string ($pass);

    $thequery = "SELECT * FROM userlogin WHERE username='$user' AND password='$pass'";

    if ($aquery = mysql_query ($thequery)){

      if (mysql_num_rows ($aquery) > 0){

        return true;

      } else {

        return false;

      }

    } else {

      echo mysql_error();

    }//开源代码phpfensi.com

  }



  if (validatelogin ($_POST['user'],$_POST['pass'])){

    echo "You have successfully logged in.";

  } else {

    echo "Sorry, you have an incorrect username and/or password.";

  }



  closedatabase ($db);



?>