[英]Insert characters such as “&” or “%” in a MySQL query
I'd like to insert special character ("&" or "%" for example) in a query, but everytime I try, the string I have inserted gets cutted. 我想在查询中插入特殊字符(例如“&”或“%”),但是每次尝试时,插入的字符串都会被切断。
For instance, if I type "Bolliger&Mabillard is a rollercoaster manufacturer", I just get "Bolliger". 例如,如果我输入“ Bolliger&Mabillard是过山车制造商”,那么我只会得到“ Bolliger”。
The code I'm using to insert the string into the database is: 我用来将字符串插入数据库的代码是:
include("connect.php");
$query="insert into news (title, body) values('About', 'Bolliger&Mabillard is a rollercoaster manufacturer');";
$run = mysql_query($query) or die ($query);
mysql_close();
What can I do? 我能做什么?
Thanks! 谢谢!
尝试:
$data1=mysql_real_escape_string("Bolliger&Mabillard is a rollercoaster manufacturer");
May this will help you... 愿这对您有帮助...
the shortest way is here... (using mysql predefined function) 最短的方法是在这里...(使用mysql预定义函数)
<?php
include("connect.php");
$bodyData = "Bolliger&Mabillard%is a rollercoaster manufacturer";
$bodyData = mysql_real_escape_string($bodyData);
$query="insert into news (title, body) values('About', '".$bodyData."')";
$run = mysql_query($query) or die ($query);
mysql_close();
?>
or you can take longer way like below... (using your own function) 或者您可以采用以下更长的方式...(使用您自己的功能)
<?php
include("connect.php");
function xss($string)
{
return str_replace(
array('!','"','#','$','%','&',"'",'(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\\',']','^','_','{','|','}','~'),
array('\!','\"','\#','\$','\%','\&',"\'",'\(','\)','\*','\+','\,','\-','\.','\/','\:','\;','\<','\=','\>','\?','\@','\[','\\','\]','\^','\_','\{','\|','\}','\~'),
$string);
}
$bodyData = "Bolliger&Mabillard%is a rollercoaster manufacturer";
$bodyData = xss($bodyData);
$query="insert into news (title, body) values('About', '".$bodyData."')";
$run = mysql_query($query) or die ($query);
mysql_close();
?>
You will get result using this code... 您将使用此代码获得结果...
<?php
include("connect.php");
function xss_r($string)
{
return str_replace(
array('\!','\"','\#','\$','\%','\&',"\'",'\(','\)','\*','\+','\,','\-','\.','\/','\:','\;','\<','\=','\>','\?','\@','\[','\\','\]','\^','\_','\{','\|','\}','\~'),
array('!','"','#','$','%','&',"'",'(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\\',']','^','_','{','|','}','~'),
$string);
}
$last = 1; // here your id which is compare with id in database...
$rs = mysql_query("select body from members where id = ".$last);
$row = mysql_fetch_array($rs);
echo xss_r($row['body']);
mysql_close();
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.