我使用oci_connect连接到oracle,我收到此错误:
警告:mysqli_real_escape_string()期望参数1是mysqli,资源是在
所以我试图改变mysqli_real_escape_string()与oci ...
这是我的代码:
$condition = '';
$query = explode(" ", $_GET["search"]);
foreach($query as $text)
{
$condition .= "VIDEO_TITLE LIKE '%".mysqli_real_escape_string($connect, $text)."%' OR ";
}
$condition = substr($condition, 0, -4);
$sql_query = "SELECT * FROM TBL_VIDEO WHERE " . $condition;
$result = oci_parse($connect, $sql_query);
oci_execute($result);
if(oci_num_rows($result) > 0)
我使用以下功能。准备好的陈述绝对是大多数人的首选,但这是一个很好的选择:
<?php
function mysql_escape_mimic($inp) {
if(is_array($inp))
return array_map(__METHOD__, $inp);
if(!empty($inp) && is_string($inp)) {
return str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $inp);
}
return $inp;
}
所以你要替换这一行:
$condition .= "VIDEO_TITLE LIKE '%".mysqli_real_escape_string($connect, $text)."%' OR ";
有:
$condition .= "VIDEO_TITLE LIKE '%".mysql_escape_mimic($connect, $text)."%' OR ";
我从这里借来的:http://php.net/manual/en/function.mysql-real-escape-string.php#101248