如果没有使用mysql_real_escape_string,下面的代码将正常工作。我只是试图从输入表单中获取一个可能包含撇号的文本字符串,并将其格式化以放入mysql表中。
<?php
$filenamee = $_FILES["file"]["name"];
$filename =strval($filenamee);
echo "file name is".$filename;
$con=mysqli_connect("localhost","blasbott_admin","lubu1973","blasbott_upload");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$companyName = mysql_real_escape_string($_POST['companyName']);
// $companyName = mysql_real_escape_string($companyNamee);
//$companyName = mysql_real_escape_string($companyNamee);
$sql="INSERT INTO ads (companyName, webSite, picture)
VALUES ('$companyName','$_POST[webSite]','$filename')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo"<br>";
echo "1 record added";
mysqli_close($con);
?>