mysqli_real_escape_string() 期望参数 1 是 mysqli,布尔值给定集合

2021-12-25 00:00:00 php mysqli

我收到很多错误,例如:mysqli_real_escape_string() 期望参数 1 为 mysqli,给出布尔值

I get a lot of errors like: mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given

错误是 mysqli_real_escape_string() 需要 2 个参数,但只有 1 个项目需要更新.

The errors are that the mysqli_real_escape_string() expects 2 parameters but there is only 1 item that needs to be updated.

问题出在这里:

$updatequery = "
    UPDATE
        as_comprofiler
    SET
        cb_empstatustime = '".time()."'
        , cb_profiel = '".mysqli_real_escape_string($value->profile->nickname)."'
        , cb_empstatus = '".mysqli_real_escape_string($cb_empstatus)."'
        , cb_taal = '".mysqli_real_escape_string($talen)."'
        , cb_sms = '".mysqli_real_escape_string($sms)."'
    WHERE
        cb_boxnr = '".mysqli_real_escape_string($value->boxnumber)."'
    ";

以及页面的完整部分:

// elke ***
foreach ($xml->consultant as $value) {

    // $cb_empstatus vullen a.d.h.v activated en callstatus
    if ($value->activated == 0) {
        $cb_empstatus = 'Afwezig';
    } elseif ($value->activated == 1) {
        if ($value->callstatus == 0) {
            $cb_empstatus = 'Beschikbaar';
        } elseif ($value->callstatus == 1) {
            $cb_empstatus = 'Bezet';
        } elseif ($value->callstatus == 2) {
            $cb_empstatus = 'Pauze';
        }
    }

    // lege variabele aanmaken
    $talen = '';
    $sep = '';

    foreach ($value->languages->language as $taal) {
        $talen .= $sep;
        $talen .= $taal;
        $sep = '|*|';
    }

    // sms code omzetten naar tekst
    if ($value->smsavailable == 1) {
        $sms = 'Ja';
    } else {
        $sms = 'Nee';
    }

    // de update query
    $updatequery = "
        UPDATE
            as_comprofiler
        SET
            cb_empstatustime = '".time()."'
            , cb_profiel = '".mysqli_real_escape_string($value->profile->nickname)."'
            , cb_empstatus = '".mysqli_real_escape_string($cb_empstatus)."'
            , cb_taal = '".mysqli_real_escape_string($talen)."'
            , cb_sms = '".mysqli_real_escape_string($sms)."'
        WHERE
            cb_boxnr = '".mysqli_real_escape_string($value->boxnumber)."'
        ";

    if (mysqli_query($updatequery) == false) {
        // foutmelding
        echo 'Niet uitgevoerd:<br>'.$updatequery.'<br><br>';
    }

有人有想法吗?

推荐答案

你必须添加 mysqli 连接器 作为 mysqli_real_escape_string() 函数中的第一个参数.并且要转义的字符串设置为第二个参数.

You have to add mysqli connector as 1st parameter in mysqli_real_escape_string() function. And the string to be escaped set as 2nd parameter.

<?php
// Let's suppose this is your mysqli connector
$mysqli = mysqli_connect("localhost", "user", "password", "database");

// Then your code should looks like this:
$updatequery = "
    UPDATE
        as_comprofiler
    SET
        cb_empstatustime = '".time()."'
        , cb_profiel = '".mysqli_real_escape_string($mysqli, $value->profile->nickname)."'
        , cb_empstatus = '".mysqli_real_escape_string($mysqli, $cb_empstatus)."'
        , cb_taal = '".mysqli_real_escape_string($mysqli, $talen)."'
        , cb_sms = '".mysqli_real_escape_string($mysqli, $sms)."'
    WHERE
        cb_boxnr = '".mysqli_real_escape_string($mysqli, $value->boxnumber)."'
    "; 
?>

mysqli_real_escape_string 的文档说得很清楚:

mysqli_real_escape_string(mysqli $mysql, string $string): string

这意味着:

  1. 第一个参数必须是 mysqli 对象,由 mysqli_connect() 或 mysqli_init()
  2. 第二个参数必须是要转义的字符串.

相关文章