[英]Special Characters Insert To MySQL
Hello I am trying to get special characters to insert into MySQL, as I can't use them. 您好,我试图将特殊字符插入MySQL,因为我无法使用它们。
This what I got so far... 我到目前为止所得到的...
mysql_query("UPDATE profiles SET .mysql_real_escape_string playground='$_POST[playground]' WHERE
username='$_SESSION[membersusername]'");
The text form is 文字形式是
<form method="POST" action="playground.php?action=edit">
<table width="100%" border="0" align="center">
<tr>
<td width="341">Playground<br><textarea name="playground" id="maxLength" rows="5" cols="50"><? echo $playground ?></textarea></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Update" /></td>
</tr>
</table>
</form>
Hopefully someone will help. 希望有人会有所帮助。
try using this 尝试使用这个
$playground = mysql_real_escape_string($_POST[playground]) ;
mysql_query("UPDATE profiles SET playground='$playground'
WHERE username='".$_SESSION['membersusername']."' ");
change that line 改变那条线
<td width="341">Playground<br><textarea name="playground" id="maxLength" rows="5" cols="50"><? echo $playground ?></textarea></td>
to 至
<td width="341">Playground<br><textarea name="playground" id="maxLength" rows="5" cols="50"></textarea></td>
You have a syntax error in your query, so change as follow 您的查询中存在语法错误,因此请进行以下更改
mysql_query("UPDATE profiles SET playground='".mysql_real_escape_string($_POST['playground'])."' WHERE username='".$_SESSION['membersusername']."'");
As side note i would tell you to use prepared statements with either PDO
or mysqli
, your code is infact highly vulnerable to mysql injections
, learn more here 作为旁注,我会告诉您将准备好的语句与
PDO
或mysqli
一起使用,实际上您的代码很容易受到mysql injections
攻击,请在此处了解更多信息
Query is not correct and it should be 查询不正确,应该是
mysql_query("UPDATE profiles
SET playground='".mysql_real_escape_string($_POST[playground])."'
WHERE
username='".$_SESSION[membersusername]."'");
How ever you should stop using mysql_* functions since they are deprecated and start using mysqli_* functions or PDO with prepare statement. 由于不建议使用mysql_ *函数,因此应该停止使用它们,并开始通过prepare语句使用mysqli_ *函数或PDO。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.