8.81 Extension MySQL améliorée
8 Référence des fonctions
Manuel PHP
. Introduction
. Pré-requis
. Installation
. Configuration à l'exécution
. Classes pré-définies
. Constantes pré-définies
. mysqli_affected_rows
. mysqli_autocommit
. mysqli_bind_param
. mysqli_bind_result
. mysqli_change_user
. mysqli_character_set_name
. mysqli_client_encoding
. mysqli_close
. mysqli_commit
. mysqli_connect_errno
. mysqli_connect_error
. mysqli_connect
. mysqli_data_seek
. mysqli_debug
. mysqli_disable_reads_from_master
. mysqli_disable_rpl_parse
. mysqli_dump_debug_info
. mysqli_embedded_connect
. mysqli_enable_reads_from_master
. mysqli_enable_rpl_parse
. mysqli_errno
. mysqli_error
. mysqli_escape_string
. mysqli_execute
. mysqli_fetch_array
. mysqli_fetch_assoc
. mysqli_fetch_field_direct
. mysqli_fetch_field
. mysqli_fetch_fields
. mysqli_fetch_lengths
. mysqli_fetch_object
. mysqli_fetch_row
. mysqli_fetch
. mysqli_field_count
. mysqli_field_seek
. mysqli_field_tell
. mysqli_free_result
. mysqli_get_client_info
. mysqli_get_client_version
. mysqli_get_host_info
. mysqli_get_metadata
. mysqli_get_proto_info
. mysqli_get_server_info
. mysqli_get_server_version
. mysqli_info
. mysqli_init
. mysqli_insert_id
. mysqli_kill
. mysqli_master_query
. mysqli_more_results
. mysqli_multi_query
. mysqli_next_result
. mysqli_num_fields
. mysqli_num_rows
. mysqli_options
. mysqli_param_count
. mysqli_ping
. mysqli_prepare
. mysqli_query
. mysqli_real_connect
->mysqli_real_escape_string
. mysqli_real_query
. mysqli_report
. mysqli_rollback
. mysqli_rpl_parse_enabled
. mysqli_rpl_probe
. mysqli_rpl_query_type
. mysqli_select_db
. mysqli_send_long_data
. mysqli_send_query
. mysqli_server_end
. mysqli_server_init
. mysqli_set_charset
. mysqli_set_opt
. mysqli_sqlstate
. mysqli_ssl_set
. mysqli_stat
. mysqli_stmt_affected_rows
. mysqli_stmt_bind_param
. mysqli_stmt_bind_result
. mysqli_stmt_close
. mysqli_stmt_data_seek
. mysqli_stmt_errno
. mysqli_stmt_error
. mysqli_stmt_execute
. mysqli_stmt_fetch
. mysqli_stmt_free_result
. mysqli_stmt_init
. mysqli_stmt_num_rows
. mysqli_stmt_param_count
. mysqli_stmt_prepare
. mysqli_stmt_reset
. mysqli_stmt_result_metadata
. mysqli_stmt_send_long_data
. mysqli_stmt_sqlstate
. mysqli_stmt_store_result
. mysqli_store_result
. mysqli_thread_id
. mysqli_thread_safe
. mysqli_use_result
. mysqli_warning_count
|
8.81.67 mysqli_real_escape_string()mysqli->real_escape_string()
Protège les caractères spéciaux d'une chaîne pour l'utiliser dans une
requête SQL, en prenant en compte le jeu de caractères courant de la
connexion
[ Exemples avec mysqli_real_escape_string ] PHP 5
Style procédural
string
mysqli_real_escape_string (
mysqli
link
,
string
escapestr
)
Style orienté objet (méthode)
mysqli
string
real_escape_string (
string
escapestr
)
mysqli_real_escape_string
est utilisée pour créer une chaîne SQL
valide qui pourra être utilisée dans une requête SQL. La chaîne de caractères
escapestr
est encodée en une chaîne SQL échappée, en tenant compte
du jeu de caractères courant de la connexion.
Les caractères encodés sont
NUL (ASCII 0), \n, \r, \, ', ", et Control-Z
.
Retourne une chaîne échappée.
| Style orienté objet |
<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* Vérification de la connexion */
if (mysqli_connect_errno()) {
printf("Echec de la connexion : %s\n", mysqli_connect_error());
exit();
}
$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");
$city = "'s Hertogenbosch";
/* cette requête échoue car nous n'avons pas échappé $city */
if (!$mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
printf("Erreur : %s\n", $mysqli->sqlstate);
}
$city = $mysqli->real_escape_string($city);
/* cette requête, par contre, réussira car nous avons échappé $city */
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
printf("%d ligne insérée.\n", $mysqli->affected_rows);
}
$mysqli->close();
?>
|
| Style procédural |
<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");
/* Vérification de la connexion */
if (mysqli_connect_errno()) {
printf("Echec de la connexion : %s\n", mysqli_connect_error());
exit();
}
mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");
$city = "'s Hertogenbosch";
/* cette requête échoue car nous n'avons pas échappé $city */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
printf("Error: %s\n", mysqli_sqlstate($link));
}
$city = mysqli_real_escape_string($link, $city);
/* cette requête réussira car nous avons échappé $city */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
printf("%d ligne insérée.\n", mysqli_affected_rows($link));
}
mysqli_close($link);
?>
|
L'exemple ci-dessus va afficher :
Erreur : 42000
1 ligne insérée.
mysqli_character_set_name
.
|
