PHP.net 官網介紹 mysqli_real_escape_string()
w3schools 介紹 mysqli_real_escape_string()
RUNOOB 菜鳥教程 介紹 mysqli_real_escape_string()
語法:
mysqli_real_escape_string( connection , escapestring );
mysqli_real_escape_string( 連接資料庫 , 將帶入資料庫的資料 );
//接收到表單傳來的資料------------------------ $mb_name = $_POST['mb_name']; $mb_content = $_POST['mb_content']; $mb_name = mysqli_real_escape_string($conn,$mb_name); $mb_content = mysqli_real_escape_string($conn,$mb_content);
//接收表單輸入的資料 $mb_name = $_POST['mb_name']; $mb_content = $_POST['mb_content']; $mb_id = $_POST['mb_id']; $mb_id = mysqli_real_escape_string($conn,$mb_id); $mb_name = mysqli_real_escape_string($conn,$mb_name); $mb_content = mysqli_real_escape_string($conn,$mb_content);
if( isset($_GET['mb_id']) ){ $mb_id = $_GET['mb_id']; $mb_id = mysqli_real_escape_string($conn,$mb_id); }