Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
674 views
in Technique[技术] by (71.8m points)

php - mysqli_real_escape_string() returns empty string

I'm using mysqli_real_escape_string() on an email address, and it returns an empty string. It does this with any email address.

<?php
//from previous page - submitted by user.
$_POST['email']="aehmlo@aehmlo.com";
$_POST['password']='mypass1234';




//Link, I can verify it works.
$mysql_info=array(
     "url"=>"url",
     "username"=>"username",
     "password"=>"password",
     "database"=>"database"
);
$link=mysqli_connect($mysql_info['url'],$mysql_info['username'],$mysql_info['password'],$mysql_info['database']);


//Now I attempt to sanitize the user input.
$email=mysqli_real_escape_string($link,$_POST['email']);
$password=sha1(mysqli_real_escape_string($link,$_POST['password']));
var_dump($email);
var_dump($password);?>

My table's collation is "latin1_swedish_ci".

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

If your connection is empty ($link), it will return an empty string. I tested this and it worked fine. I would recommend that you add error handling to your connection and enable error reporting.

<?php
$link = mysqli_connect("localhost", "root", "root", "test");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s
", mysqli_connect_error());
    exit();
}

$_POST['email'] = "aehmlo@aehmlo.com";

$email = mysqli_real_escape_string($link, $_POST['email']);

var_dump($email);

mysqli_close($link);
?>

Result

string(17) "aehmlo@aehmlo.com"

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...