PHP mysqli real_escape_string() Function
Example - Object Oriented style
Escape special characters in strings:
<?php
$mysqli = new mysqli("localhost","my_user","my_password","my_db");

// Stop if the connection failed
if ($mysqli->connect_errno) {
  echo "Failed to connect to MySQL: " . $mysqli->connect_error;
  exit();
}

// Escape special characters, if any
$firstname = $mysqli->real_escape_string($_POST['firstname']);
$lastname = $mysqli->real_escape_string($_POST['lastname']);
$age = $mysqli->real_escape_string($_POST['age']);

$sql = "INSERT INTO Persons (FirstName, LastName, Age) VALUES ('$firstname', '$lastname', '$age')";

// Report the inserted row count on success, the error on failure
if ($mysqli->query($sql)) {
  printf("%d Row inserted.\n", $mysqli->affected_rows);
} else {
  printf("Query failed: %s\n", $mysqli->error);
}

$mysqli->close();
?>
See the procedural-style example below.
Definition and Usage
The real_escape_string() / mysqli_real_escape_string() function escapes special characters in a string for use in an SQL query, taking into account the current character set of the connection.
This function is used to create a legal SQL string that can be used in an SQL statement. Assume we have the following code:
<?php
// Uses the $mysqli connection opened in the example above
$lastname = "D'Ore";
$sql = "INSERT INTO Persons (LastName) VALUES ('$lastname')";

// This query will fail, because we didn't escape $lastname
if ($mysqli->query($sql)) {
  printf("%d Row inserted.\n", $mysqli->affected_rows);
} else {
  printf("Query failed: %s\n", $mysqli->error);
}
?>
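The D'Ore insert handled two ways, as an added example that is not part of the original page: once with real_escape_string() after the connection character set is set, and once with a prepared statement. It assumes the connection details and Persons table used on this page; the sample input and the 0 to 150 age range are constructed for illustration.

```php
<?php
// Added example. Connection details and the Persons table are the ones this page assumes.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors throw mysqli_sql_exception

$mysqli = new mysqli("localhost", "my_user", "my_password", "my_db");
// Set the character set through the API (not with a "SET NAMES" query) so that
// real_escape_string() escapes for the character set the connection really uses.
$mysqli->set_charset("utf8mb4");

// Constructed sample input standing in for $_POST.
$input = ['firstname' => "Ann", 'lastname' => "D'Ore", 'age' => "42"];

// Escaping is for string literals only; a number is validated as a number instead.
// The 0..150 range is an assumption made for this example.
$age = filter_var($input['age'], FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 0, 'max_range' => 150]]);
if ($age === false) {
    exit("Age must be a whole number between 0 and 150.\n");
}

// Option 1: escape each string and keep it inside single quotes in the SQL text.
$firstname = $mysqli->real_escape_string($input['firstname']);
$lastname  = $mysqli->real_escape_string($input['lastname']);
$sql = "INSERT INTO Persons (FirstName, LastName, Age)
        VALUES ('$firstname', '$lastname', $age)";
$mysqli->query($sql);
printf("Escaped query: %d row inserted.\n", $mysqli->affected_rows);

// Option 2: prepared statement. The values travel separately from the SQL text,
// so no escaping call is needed and the quote in D'Ore is stored unchanged.
$first = $input['firstname'];
$last  = $input['lastname'];
$stmt = $mysqli->prepare(
    "INSERT INTO Persons (FirstName, LastName, Age) VALUES (?, ?, ?)");
$stmt->bind_param("ssi", $first, $last, $age);
$stmt->execute();
printf("Prepared statement: %d row inserted.\n", $stmt->affected_rows);

$stmt->close();
$mysqli->close();
?>
```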
Syntax
Object oriented style:
$mysqli -> real_escape_string(escapestring)
Procedural style:
mysqli_real_escape_string(connection, escapestring)
Parameter Values
Parameter | Description |
---|---|
connection | Required. Specifies the MySQL connection to use |
escapestring | Required. The string to be escaped. Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z. |
Technical Details
Return Value: | Returns the escaped string |
---|---|
PHP Version: | 5+ |
Example - Procedural style
Escape special characters in strings:
<?php
$con = mysqli_connect("localhost","my_user","my_password","my_db");

// Stop if the connection failed
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  exit();
}

// Escape special characters, if any
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);

$sql = "INSERT INTO Persons (FirstName, LastName, Age) VALUES ('$firstname', '$lastname', '$age')";

// Report the inserted row count on success, the error on failure
if (mysqli_query($con, $sql)) {
  printf("%d Row inserted.\n", mysqli_affected_rows($con));
} else {
  printf("Query failed: %s\n", mysqli_error($con));
}

mysqli_close($con);
?>