$db = new PDO('mysql:host=localhost;dbname=test', 'root', '');
$name = 'zhangsan"';
$db->query('select * from test where name = "' . mysql_real_escape_string($name) . '"');
/*
结果:Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO)Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established
$db = new PDO('mysql:host=localhost;dbname=test', 'root', '');
$name = 'zhangsan"';
$db->query('select * from test where name = "' . mysql_real_escape_string($name, $db) . '"');
/*
结果:Warning: mysql_real_escape_string() expects parameter 2 to be resource, object given
*/我的mysql实实在在的连上了,不知道这个到底该如何使用呢?
$name = 'zhangsan"';
$db->query('select * from test where name = "' . mysql_real_escape_string($name) . '"');
/*
结果:Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO)Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established
$db = new PDO('mysql:host=localhost;dbname=test', 'root', '');
$name = 'zhangsan"';
$db->query('select * from test where name = "' . mysql_real_escape_string($name, $db) . '"');
/*
结果:Warning: mysql_real_escape_string() expects parameter 2 to be resource, object given
*/我的mysql实实在在的连上了,不知道这个到底该如何使用呢?
本函数将 unescaped_string中的特殊字符转义,并计及连接的当前字符集,因此可以安全用于 mysql_query()。
<?php
$item = "Zak's and Derick's Laptop";
$escaped_item = mysql_real_escape_string($item);
printf ("Escaped string: %s\n", $escaped_item);
?> 以上例子将产生如下输出:
Escaped string: Zak\'s and Derick\'s Laptop
怪我没看仔细,原来在pdo中用quote代替了那个方法了