SQL查询检测撇号
[英]Sql Query detecting apostrophes
问题描述
I'm trying to execute a Mysql_Query, which uses an input from a Textfield POST request. 
我正在尝试执行Mysql_Query,它使用来自Textfield POST请求的输入。 Though, I am encountering the follow error if the POST request includes an apostrophe. 但是,如果POST请求中包含撇号,则会遇到跟随错误。
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''DJ Broski, DJ CJ and Wendy; Looking Chill'')' at line 1" “您的SQL语法有错误;请在与MySQL服务器版本相对应的手册中找到在第1行的''DJ Broski,DJ CJ和Wendy; Looking Chill'')附近使用的正确语法。
How am I able to resolve this? 我该如何解决? The code I use to execute the query; 我用来执行查询的代码;
$sql = "INSERT into `gallery_pictures` (`fileName`,`caption`) VALUES ('0','$photo_caption')";
$result = @mysql_query($sql);
2 个解决方案
解决方案1
0 2013-09-03 13:53:14
I agree with @DCoder about the needs of a modern replacement. 我同意@DCoder关于现代替代产品的需求。
As written in the other posts, in PHP there is a built-in function to be used for these purposes, but is better using parameterized queries. 正如其他文章中所写,PHP中有一个内置函数可用于这些目的,但是最好使用参数化查询。
解决方案2
-1 2013-09-04 20:48:30
$sql = "INSERT into `gallery_pictures` (`fileName`,`caption`) VALUES ('0',\"$photo_caption\")";
$result = @mysql_query($sql);
how about this? 这个怎么样?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.