PHP mysqli_real_escape_string 返回空字符串

Question

如果我不使用 mysql_real_escape_string 函数，代码可以正常工作。但是这个函数没有返回任何东西!我读到问题可能是由于我没有 mysql 连接，但事实并非如此!

请帮忙!

<?php
$con=mysqli_connect("localhost","root","pwd","mysql");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$title = mysqli_real_escape_string($_POST["title"]);
$comment = mysqli_real_escape_string($_POST["comment"]);
$type = $_POST["type"];
$time = date("Y-m-d H:i:s");


$sql="INSERT INTO posts
VALUES
('','$type','$time','$time','$title','$comment','0','0','0','0','0')";

if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }



mysqli_close($con);
header ("location: index.php");
?>

Answer 1

您需要将连接传递给函数

$title = mysqli_real_escape_string($con, $_POST["title"]);