修剪字符串时 PHP 已弃用错误消息

Question

我有一个 php 代码，其中包含已弃用的行，任何人都可以帮忙。

<?php
include('config.php');

session_start(); // Starting Session

$error=''; // Variable To Store Error Message

if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];

// Create connection
$con = new mysqli($dbhost_name, $db_username, $db_password, $database , 3306);


// Check connection
if($con->connect_error){
 die("Connection failed: ".$con->connect_error);
                             }

// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);


// Retrieve data from database 
$sql="select * from login where password='$password' AND username='$username'";

$result = $con->query($sql);

$rows = $result->fetch_assoc(); 




if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}

$con->close(); // Closing Connection
}
}

?>

下面是代码。

以下是错误信息。

Answer 1

注意 mysql 自 PHP 5.5.0 起已弃用，并将在未来删除。相反，应该使用 MySQLi 或 PDO_MySQL 扩展。

将mysql_ 函数替换为mysqli_ 函数

改变

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

到

$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);

Answer 2

函数 mysql_real_escape_string() 已弃用 [1]。

请改用mysqli_real_escape_string() [2]。

[1]http://php.net/manual/en/function.mysql-real-escape-string.php

[2]http://php.net/manual/en/mysqli.real-escape-string.php