Documentationsaying two parameters: string mysqli_real_escape_string ( mysqli $link , string $escapestr ).

文档说两个参数：string mysqli_real_escape_string ( mysqli $link , string $escapestr ).

The first one is a link for a mysqli instance, the second one is the string to escape.

第一个是 mysqli 实例的链接，第二个是要转义的字符串。

Let me just add an extra bit of information: If you are using NetBeans, its documentation actually shows the mysqli_real_escape_string function like this:

让我补充一点信息：如果您使用的是 NetBeans，它的文档实际上显示了 mysqli_real_escape_string 函数，如下所示：

mysqli_real_escape_string (PHP 5)
    Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection

Parameters:

    string $escapestr
        'The string to be escaped.'

Returns:

    Type:
    string

Description:
    an escaped string.

This is wrong, though, as shown in the other answers. It requires both the $link and the $string.

但是，如其他答案所示，这是错误的。它需要 $link 和 $string。

$con = new mysqli("localhost", "root", "your_password", "your_database_name");
$data = json_decode(file_get_contents("php://input"));
$empno = mysqli_real_escape_string($con, $data->empno);//this will do your work

Following is the proper format to use it :

以下是使用它的正确格式：

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

first parameter is mysql connection link identifier, and second is string For more details, you can visit this link : http://in2.php.net/manual/en/mysqli.real-escape-string.php.

第一个参数是 mysql 连接链接标识符，第二个参数是 string 详细信息可以访问这个链接：http: //in2.php.net/manual/en/mysqli.real-escape-string.php。

mysqli_real_escape_string(DBconnection, __dat__a); mysqli_real_escape_string needs the db connection variable

mysqli_real_escape_string( DBconnection, __dat__a); mysqli_real_escape_string 需要数据库连接变量