escape single quotes

I have a table like this...

select * from myescape;
+-----------+
| name      |
+-----------+
| shantanu' |
| kumar's   |
+-----------+
2 rows in set (0.00 sec)

I need to replace the single quote ' with \\'

I will also need to escape double quotes and backslash.

The point of prepared statements is that you don't have to include content in them. Use a PREPARE query with ? placeholders and then EXECUTE ... USING to pass the values in without having to escape them.

Don't try to do escaping yourself, because you're likely to make mistakes. Depending on what encoding you're using, there can be more to it than just backslash-escaping quotes, backslash and null.
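The PREPARE / EXECUTE ... USING approach described in the answer above, as an added example that is not part of the original answer. The table and column come from the question; the statement names (ins, find), the user variables and the third sample value are assumptions made for illustration, and MySQL's default sql_mode (backslash escapes enabled in string literals) is assumed.

```sql
-- Added example (MySQL); not code from the original post.
CREATE TABLE IF NOT EXISTS myescape (name VARCHAR(64));

-- Constructed sample values containing a single quote, double quotes and a
-- backslash. They are typed as literals only to have test data; an
-- application would bind them through its client library instead.
SET @n1 = 'shantanu''';
SET @n2 = 'kumar''s';
SET @n3 = 'say "hi" \\ bye';

-- The statement text contains only the placeholder, never the value,
-- so nothing in the data can change how the statement is parsed.
PREPARE ins FROM 'INSERT INTO myescape (name) VALUES (?)';
EXECUTE ins USING @n1;
EXECUTE ins USING @n2;
EXECUTE ins USING @n3;
DEALLOCATE PREPARE ins;

-- Lookup with a bound value: the quote in kumar's needs no escaping.
SET @needle = 'kumar''s';
PREPARE find FROM 'SELECT name FROM myescape WHERE name = ?';
EXECUTE find USING @needle;
DEALLOCATE PREPARE find;

-- For contrast (left commented out): concatenating the value into the
-- statement text makes it part of the SQL. The quote in kumar's ends the
-- string literal early and PREPARE fails with a syntax error.
-- SET @sql = CONCAT('SELECT name FROM myescape WHERE name = ''', @needle, '''');
-- PREPARE bad FROM @sql;

-- The rows are stored exactly as supplied, with no added backslashes.
SELECT name FROM myescape;
```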

Try this;

UPDATE myescape SET name = REPLACE(name, "'", "\\'");

You may want to think precisely about why you might want to do this (as Tomalak has said). Even in a stored procedure these fields should be strings, not commands.

Try this:

SELECT REPLACE( REPLACE( name , "'", "\\'" ) , '"', '\\"' )
FROM myescape
