转义useragent：$ mysqli-> real_escape_string不起作用

Question

I have this PHP code: 我有这个PHP代码：

$ua = $mysqli->real_escape_string($_SERVER['HTTP_USER_AGENT']);

$mysqli->query("INSERT INTO browsers(useragent, account, allowed, key, ip) VALUES('$ua', {$userR['id']}, 0, '(Key/token)', '(IP address)')");

Which is the following SQL query: 以下是SQL查询：

INSERT INTO browsers(useragent, account, allowed, key, ip) VALUES('Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.56 Safari/537.17', 8, 0, 'bc132b38f35a01ce', '127.0.0.1')

However: even after escaping the query does not work: 但是：即使在转义后查询也不起作用：

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key, ip) VALUES('Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.17 (KHTML, like' at line 1

Answer 1

你在查询中使用了一个mysql RESERVED KEYWORD是key ，只需用反引号将其包围起来`让数据库理解它是一个列

$mysqli->query("INSERT INTO browsers(useragent, account, allowed, `key`, ip) VALUES('$ua', {$userR['id']}, 0, '(Key/token)', '(IP address)')");

转义useragent：$ mysqli-> real_escape_string不起作用

问题描述

1 个解决方案

解决方案1
2 已采纳 2013-05-28 08:06:32

转义useragent：$ mysqli-&gt; real_escape_string不起作用

问题描述

1 个解决方案

解决方案1 2 已采纳 2013-05-28 08:06:32

转义useragent：$ mysqli-> real_escape_string不起作用

解决方案1
2 已采纳 2013-05-28 08:06:32