[英]Escaping special characters in Select statement SQL PHP
How to escape column' special characters in SQL select statement. 如何在SQL select语句中转义列的特殊字符。
I have that sql select statement and the column account_name has values that contains special characters, it gives me error as it doesn't escape those special characters. 我有sql select语句,列account_name包含特殊字符的值,它给我错误,因为它不会逃避这些特殊字符。
select * from account where account_name ='$account_name'
Don't use any of the MySQL extension commands, they are obsolete and not recommended anymore. 不要使用任何MySQL扩展命令,它们已经过时,不再推荐使用。
use PDO and prepared atatements. 使用PDO和准备好的补遗。
http://php.net/pdo http://php.net/pdo
$name = '$somethingHere';
$stmt = $db->prepare("Select * from account where account_name = :name");
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
使用mysql_real_escape_string($account_name)
函数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.