[英]apostrophe in mysql/php
i'm trying to learn php/mysql. 我正在尝试学习php / mysql。
inserting data into mysql works fine but inserting those with apostrophe is generating an error. 将数据插入mysql可以正常工作,但是用撇号插入数据会产生错误。 i tried using mysql_real_escape_string, yet this doesn't work. 我尝试使用mysql_real_escape_string,但这不起作用。
would appreciate any help. 将不胜感激。
<?php
include 'config.php';
echo "Connected <br />";
$auth = $_POST['author'];
$quo = $_POST['quote'];
$author = mysql_real_escape_string($auth);
$quote = mysql_real_escape_string($quo);
//**************************
//inserting data
$sql="INSERT INTO Quotes (vauthor, cquotes)
VALUES ($author, $quote)";
if (!mysql_query($sql,$conn))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
... ...
what am i doing wrong? 我究竟做错了什么?
Your values are strings, they still need delimiters in the SQL statement, even after you've escaped them. 您的值是字符串,即使您已对其进行转义,它们仍需要在SQL语句中使用定界符。
//inserting data
$sql="INSERT INTO Quotes (vauthor, cquotes)
VALUES ('$author', '$quote')";
Strings must be wrapped in quotes in SQL: 字符串必须用SQL中的引号引起来:
$sql="INSERT INTO Quotes (vauthor, cquotes)
VALUES ('$author', '$quote')";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.