堆栈内存溢出
  简体   繁体   English

用斜杠查询

[英]query with slashes

 原文  2016-06-17 11:46:10       php/ mysql/ sql/ stripslashes

问题描述

I have item name like girl\\'s bag\\'s . 我有一个像girl\\'s bag\\'s名字。 so query becomes like below 所以查询变成如下 

SELECT * 
FROM tbl_product 
WHERE itm_name LIKE '%girl\'s bag\'s%' 
    AND status = '1' 
    AND is_available = '1' 
ORDER BY itm_id DESC 
LIMIT 20

I have item with name girl\\'s bag\\'s. 我有一个名字叫女孩包的物品。 but i am not getting any result. 但我没有任何结果。 Can anyone help , how should i format my item name to match with item in databse. 谁能帮忙,我应该如何格式化我的商品名称以使其与数据库中的商品相匹配。

3 个解决方案

解决方案1
 4  2016-06-17 11:48:29

You need to escape quotes by doing two single quotes (so change \\' to '' ): 您需要使用两个单引号对引号进行转义(因此将\\'更改为'' ): 

select * from tbl_product where itm_name like '%girl''s bag''s%' and status='1' and is_available='1' order by itm_id DESC limit 20.

But it would be better to use prepared staments and bind parameters to the sql, not concatenating strings to create the query. 但是最好使用准备好的台词并将参数绑定到sql,而不是将字符串连接起来以创建查询。

EDIT: Based on the comment, the OP has \\' literally in the data, so the query should use \\'' : 编辑:基于注释,OP实际上在数据中具有\\' ,因此查询应使用\\'' 

select * from tbl_product where itm_name like '%girl\''s bag\''s%' and status='1' and is_available='1' order by itm_id DESC limit 20.

解决方案2
 1  2016-06-17 11:52:32

Using bind_param and prepare statement as 使用bind_paramprepare语句为 

$like = "%girl's bag's%";// pass  string
$sql = "select * from tbl_product where itm_name like ? and status= ? and is_available=? order by itm_id DESC limit ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('siii', $like, 1, 1, 20);
$stmt->execute();

解决方案3
 1  2016-06-17 12:12:12

If your actual value in your actual database is " girl\\'s bag\\'s ", then something is fundamentally wrong with your data handling! 如果您在实际数据库中的实际值是“ girl\\'s bag\\'s ”,那么您的数据处理就根本出了问题! You should not have escaped values stored in your database. 您不应该将转义的值存储在数据库中。 Fix that first and foremost! 首先解决该问题!

Having said that, if you want to match the value girl\\'s bag\\'s in an SQL query, the query needs to look like this: 话虽如此,如果您想在SQL查询中匹配值girl\\'s bag\\'s ,那么查询需要看起来像这样: 

WHERE ... LIKE '%girl\\\'s bag\\\'s%'

You want one literal backslash , which you need to escape with a backslash, followed by a backslash which escapes the single quote. 您需要一个原义的反斜杠 ,您需要先用反斜杠转义,然后是反斜杠,以转义单引号。 So the first two \\\\ mean "\\", and the third backslash just preserves the SQL quote syntax. 因此,前两个\\\\表示“ \\”,而第三个反斜杠仅保留SQL引号语法。

You never worry about the number of slashes manually, instead you use the proper database API to prepare your values correctly! 您无需担心手动的斜杠数量,而是使用正确的数据库API正确准备值! That means you should be using prepared statements: 这意味着您应该使用准备好的语句: 

$value = "girl\'s bag\'s";

$stmt = $pdo->prepare('... WHERE ... LIKE ?');
$stmt->bindValue(1, '%' . $value . '%');
$stmt->execute();

How to do this exactly depends on your database API. 如何执行此操作完全取决于您的数据库API。

See The Great Escapism (Or: What You Need To Know To Work With Text Within Text) . 参见伟大的逃避现实主义(或:在文本中使用文本需要了解的知识)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 替换mySQL REPLACE查询中的正斜杠 - Replacing forward slashes in mySQL REPLACE query PHP mysql_query自动剥离斜杠? - PHP mysql_query automatically stripping slashes? 如何使用 PHP 在 Elasticsearch 查询中传递斜杠? - How to pass slashes in Elasticsearch query using PHP? 如何从搜索查询中删除斜杠 - How to strip slashes from search query 正则表达式将查询字符串转换为斜杠和值 - Regex to turn query string into slashes and values 在查询中传递json时要在查询中删除“ /”斜杠 - Want to remove '/' slashes in query when passing json in query php在串联strign以生成mysql查询时添加斜杠 - php adds slashes when concatenating strign to generate mysql query htaccess中的重写规则将查询字符串转换为斜杠php - Rewrite Rule in htaccess convert query string into slashes php 如何编码包含正斜杠的查询字符串? - How do I encode a query string containing forward slashes? 如何配置Apache / PHP以接受查询字符串中的斜杠? - How do you configure Apache/PHP to accept slashes in query strings?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM