php mysql_real_escape_string 未定义
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13856639/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
mysql_real_escape_string is undefined
提问by MichaelH
I am using PHP version 5.3 and trying to use mysql_real_escape_string($unescaped_string)in my code, but I get the error:
我正在使用 PHP 5.3 版并尝试mysql_real_escape_string($unescaped_string)在我的代码中使用,但出现错误:
Fatal error: Call to undefined function mysql_real_escape_string()
in /var/www/engine/database.php on line 38
I can still connect to the database however. Why is it not available?
但是我仍然可以连接到数据库。为什么不可用?
I am using PHP version 5.3.
我使用的是 PHP 5.3 版。
回答by Vyktor
Updateas mentioned in comment, mysql_has been deprecated since 5.5:
The mysql extension has been deprecated since PHP 5.5. The mysqli or PDO extension should be used instead. The deprecation has been decided in mysql_deprecation, where a discussion of the reasons behind this decision can be found.
自 PHP 5.5 起不推荐使用 mysql 扩展。应改用 mysqli 或 PDO 扩展。弃用已在mysql_deprecation 中决定,其中可以找到有关此决定背后原因的讨论。
and removed in PHP 7.
并在 PHP 7 中删除。
mysql_real_escape_string()is standard part of MySQL function "batch"and should always work if the extension is loaded correctly.
mysql_real_escape_string()是MySQL 函数“批处理”的标准部分,如果扩展正确加载,则应始终工作。
Does any another mysql_function work? (It should not)
有其他mysql_功能吗?(应该不会)
Make sure, that you have this line uncommented in your php.ini:
确保您在以下行中取消注释php.ini:
extension=mysql.so
Also it'd be wise to use mysqlior PDOinstead (mysql_is deprecated), they both can take care of escaping for you.
回答by speksy
In my case I used mysqli_real_escape_stringinstead of mysql_real_escape_string.
在我的情况下,我使用mysqli_real_escape_string而不是mysql_real_escape_string.
回答by nemesisfixx
Interestingly, after exploring all the other solutions here, I realized the problem is actually due to the php5-mysqlextension not having been installed yet - it's not installed by default on a fresh Ubuntu, neither when u install fresh php. So, for me the solution became: install the php5-mysql extension:
有趣的是,在这里探索了所有其他解决方案后,我意识到问题实际上是由于php5-mysql尚未安装扩展程序 - 默认情况下它没有安装在新的 Ubuntu 上,当你安装新的 php 时也没有安装。所以,对我来说,解决方案变成了:安装 php5-mysql 扩展:
sudo apt-get install php5-mysql
After this, I wasn't getting those nasty mysql_* errors again ;-)
在此之后,我再也没有遇到那些讨厌的 mysql_* 错误;-)
回答by Kristoffer Bohmann
MySQL extension is deprecated since PHP 5.5. mysql_real_escape_string() is therefore not available in PHP 7. This means that user input cannot be escaped correctly and leaves the code open to SQL injection attacks.
自 PHP 5.5 起不推荐使用 MySQL 扩展。mysql_real_escape_string() 因此在 PHP 7 中不可用。这意味着用户输入无法正确转义,并使代码容易受到 SQL 注入攻击。
The PHP-official solution is to replace ext/mysql with MySQLi, PDOor other supported database extension.
PHP 官方的解决方案是将 ext/mysql 替换为 MySQLi、PDO或其他支持的数据库扩展。
To prevent SQL injection attacks, it is recommended to use prepared statements and parameterized querieswhen talking to the database.
为了防止 SQL 注入攻击,建议在与数据库交谈时使用准备好的语句和参数化查询。
回答by shinosn
Maybe your problem resides into the php server config (compiling).
也许您的问题存在于 php 服务器配置(编译)中。
Here more information about the mysql_real_escape_string: http://www.php.net/manual/en/function.mysql-real-escape-string.php
这里有关于 mysql_real_escape_string 的更多信息:http://www.php.net/manual/en/function.mysql-real-escape-string.php
