当字符串包含“&”时,SQLite中的字符串比较不起作用
[英]String comparison in SQLite not working when string contains '&'
问题描述
I'm losing my mind. 
我迷失了方向。 This query works fine (finds one matching record) when executed in SQLite Manager (FF plugin): 在SQLite Manager(FF插件)中执行时,此查询工作正常(查找一条匹配记录):
SELECT * FROM VendorDB WHERE lower(CompanyName) = 'b&b'
But this variablized SELECT statement (which is exactly the same as above when echo'd out) doesn't find anything. 但是这个杂乱无章的SELECT语句(在回显时与上面完全相同)找不到任何东西。
SELECT * FROM VendorDB WHERE lower(CompanyName) = [vendor variable containing 'b&b]
When the string does not contain an '&' both queries work the same. 当字符串不包含“&”时,两个查询的工作方式相同。 I've googled all over and not been able to find anything about why the query shouldn't work consistently. 我到处搜寻Google,却找不到任何有关为何查询无法持续运作的信息。
BTW, I'm using PHP:PDO to execute the query. 顺便说一句,我正在使用PHP:PDO执行查询。
EDIT_1: Here's how the query is being handled (after implementing the suggestions from @Phil), where $dbh is the database connection: EDIT_1:这是处理查询的方式(在实现@Phil的建议之后),其中$ dbh是数据库连接:
$qry = "SELECT * FROM VendorDB WHERE lower(CompanyName) = ?";
//[$vendor is the variable containing 'b&b]
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$go_fetch = $dbh->prepare($qry);
$go_fetch->bindParam(1,$vendor);
$go_fetch->execute();
and the results are retrieved as: 并将结果检索为:
$go_fetch->setFetchMode(PDO::FETCH_ASSOC);
$data = $go_fetch->fetchAll();
All of which yields an empty array, but should yield one and only one record. 所有这些都产生一个空数组,但是应该产生一个且只有一个记录。
Also note that I've echo'd the value of the variable $vendor prior to being inserted into the query and it is the correct value (ie 'b&b' not 'b&b' ) 还要注意,在插入查询之前,我已经对变量$ vendor的值进行了回显,它是正确的值(即'b&b'而不是'b&b' )
2 个解决方案
解决方案1
1 2014-03-28 04:18:30
As mentioned in my comment above, use a proper parameterised statement. 如我上面的评论中所述,请使用适当的参数化语句。 For example... 例如...
$qry = "SELECT * FROM VendorDB WHERE lower(CompanyName) = ?";
$go_fetch = $dbh->prepare($qry);
Then, either pass the parameter in to the execute method 然后,将参数传递给execute方法
$go_fetch->execute([$vendor]);
or bind it first, then execute 或先绑定它,然后执行
$go_fetch->bindParam(1, $vendor);
$go_fetch->execute();
I doubt very much that the ampersand is causing any issues. 我非常怀疑&符是否会引起任何问题。 I can't find any reference to it as an SQLite special character. 我找不到任何引用作为SQLite特殊字符。
I'd say the issue is either that the value in fact contains b&b or that it contains other problem characters like ' . 我想说的问题是,该值实际上包含b&b或包含其他问题字符,例如' 。 The former indicates a problem with where and how the $vendor variable is set. 前者指示在哪里以及如何设置$vendor变量时出现问题。 The latter is solved by my answer above. 后者可以通过我上面的答案解决。
解决方案2
1 已采纳 2014-03-29 16:27:22
I've resolved the issue. 我已经解决了这个问题。 It was a stupid error on my part, but memorializing the answer here in case its useful to someone else. 就我而言,这是一个愚蠢的错误,但是在这里记住答案,以防它对其他人有用。
The problem was indeed that the '&' sign was being converted into '&'. 问题的确确实是将“&”符号转换为“&”。 (Thanks @CBroe for the clue!) It was hard to detect because it wasn't showing up in any of the browser output I was looking at (including viewing the page source). (感谢@CBroe提供线索!)很难检测到,因为它没有出现在我正在查看的任何浏览器输出中(包括查看页面源代码)。
Long ago and far away I had forgotten that I had set up a standard form-handling function to "cleanse" all POST data. 很久很久以前,我已经忘记了我已经建立了一个标准的表单处理功能来“清除”所有POST数据。 One line in that function took each posted value and applied the htmlspecialchars() function to it. 该函数中的一行接受每个发布的值,并将htmlspecialchars()函数应用于该值。 This converted the 'b&b' into 'b&b'. 这将“ b&b”转换为“ b&b”。 Great for the HTML echo'd output, not so good for database comparison strings. 非常适合HTML回显的输出,不适用于数据库比较字符串。
For this particular application, if I do not apply the htmlspecialchars() everything works as expected, regardless of the way that PDO is implemented. 对于此特定应用程序,如果我不应用htmlspecialchars(),则无论PDO的实现方式如何,一切都会按预期工作。
Lesson re-learned... never forget the "defaults" you establish! 重新学习了课程……永远不要忘记您建立的“默认值”!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.