堆栈内存溢出
  简体   繁体   English

php到mysql插入脚本中的特殊字符替换

[英]special characters replacement in a php to mysql insert script

 原文  2014-03-12 21:06:01       php/ mysql/ character

问题描述

I am sorry if this has been asked before but I'm not understanding most of the stuff I've found using google. 很抱歉,如果以前有人问过这个问题,但我不了解我使用google找到的大多数内容。 I'm just learning how to do this all so please bear with me. 我正在学习如何执行所有操作,因此请耐心等待。

I've created a working "INSERT" php script to insert data into a mysql 5.x database, it works without problem, however the issue i AM having is if the user puts a word with a ' or " into the fields the script spits back a "Error inserting new record" at the user. I need to know how to make the script automatically replace the ' with a \\' before it tries to insert the information to a database. 我已经创建了一个有效的“ INSERT” php脚本,可以将数据插入到mysql 5.x数据库中,它可以正常工作,但是我所遇到的问题是,如果用户在脚本的字段中输入带有“或”的单词我向用户吐出“插入新记录时出错”,我需要知道如何使脚本在尝试将信息插入数据库之前自动将其替换为\\。

What I have at the moment is.... 我现在所拥有的是... 

<?php

if (isset($_POST['submitted'])) {

include('../connect/connect-mysql.php');

$Colorist = $_POST['Colorist'];
$Active = $_POST['Active'];

$sqlinsert = "INSERT INTO colorist (Colorist, Active) VALUES ('$Colorist', '$Active')";

if (!mysqli_query($dbcon, $sqlinsert)) {
    die('error inserting new record');
    }//end of nested if statement
$newrecord = "New record added";

} //end of main if


?>
<html>
<head>
</head>
<body>
<form method="post" action="insertcolorist.php">
<input type="hidden" name="submitted" value="true" />
<fieldset>
<legend>New Colorist Data</legend>
<table border="1" width="100%" style="border-collapse: collapse">
<tr><th colspan="2"><font face="Verdana" size="2">Colorist Data</font></th></tr>
<tr><th><font face="Verdana" size="1"><label>Colorist: </label></font></th><td><font size="1" face="Verdana"><input type="text" size="150" name="Colorist" /></font></td></tr>
<tr><th><font face="Verdana" size="1"><label>Is the Colorist Active: </label></font></th><td><font size="1" face="Verdana"><select size="1" name="Active"><option value="">Select...</option><option value="Yes">Yes</option><option value="No">No</option></option></select></font></td></tr>
</table>
</fieldset>
<br>
<input type="submit" value="add new colorist" />
</form>
<?php
echo $newrecord // New record added statement added at the top
?>

1 个解决方案

解决方案1
 0  2014-03-12 21:18:26

There's a mysqli function for cleaning input string. 有一个用于清除输入字符串的mysqli函数。 It's as easy as use 就像使用一样简单 

$Colorist = mysqli_real_escape_string($_POST['Colorist']);
$Active = mysqli_real_escape_string($_POST['Active']);

This should be enough for the most common problems of this type 对于这种最常见的问题,这应该足够了

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP插入到带有特殊字符的MySQL表文本中? - PHP Insert into MySQL table text with special characters? 插入特殊字符/ PHP + MySql + Android - Insert special Characters / PHP + MySql + Android 特殊字符插入MySQL - Special Characters Insert To MySQL 在mysql中插入特殊字符 - Insert special characters in mysql MySQL插入特殊字符 - MySQL Insert special characters PHP和MySQL中的特殊字符 - Special Characters In Php and MySQL PHP / MySQL 中的特殊字符 - Special characters in PHP / MySQL 防止使用PHP将特殊字符替换到我的数据库中 - Prevent special characters replacement into my DB with PHP 特殊字符中断mysql插入 - special characters break mysql insert 如何使用mysql insert插入特殊字符? - How insert special characters using mysql insert?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM