在MySQL中存储之前进行检查和剥离
[英]Checking and stripping before storing in MySQL
问题描述
I just found out because someone had a ' in their last name and it caused the script to not update anything after that. 
我刚刚发现是因为某人的姓氏中有一个' ,这导致脚本在此之后不进行任何更新。 What's the best way to make their last name safe of any potental damaging characters? 使自己的姓氏免受任何潜在的有害字符影响的最佳方法是什么?
3 个解决方案
解决方案1
2 已采纳 2010-04-05 00:53:03
You should probably be using prepared statements if you're embedding the SQL to insert records into the DB in your logic. 如果要嵌入SQL将逻辑中的记录插入到DB中,则可能应该使用预处理语句。 Among other things they will properly escape data values for you (as long as you use them consistently.) 除其他事项外,它们将为您正确地转义数据值(只要您始终使用它们即可)。
解决方案2
0 2010-04-05 00:47:25
PHP有一个名为mysql_real_escape_string的函数,它应该清除所有顽皮的字符。
解决方案3
0 2010-04-05 12:29:17
You should use 你应该用
print htmlentities("O'Brian",ENT_QUOTES);
before inserting into database, it will convert string to 在插入数据库之前,它将字符串转换为
O'Brian
so it is safe to store to database. 因此可以安全地存储到数据库。 Keep in mind that this function also escapes double quotes. 请记住,此函数还转义了双引号。
More info on escaping string . 有关转义字符串的更多信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.