PHP MySQL的特殊字符转义
[英]php mysql special character escape
问题描述
how to process php vars before trying to execute query? 
如何在尝试执行查询之前处理php var? eg i am trying to insert text with ",' but it query couldn't execute? what is the best way to solve this with PDO class? 例如,我试图用“,”插入文本,但查询无法执行?用PDO类解决此问题的最佳方法是什么?
many thanks 非常感谢
4 个解决方案
解决方案1
5 已采纳 2011-04-01 11:37:37
也许您正在寻找PDO :: quote: http : //php.net/manual/en/pdo.quote.php
解决方案2
0 2011-04-01 11:38:43
Take a look at both addslashes() and mysql_real_escape_string() . 看一下addslashes()和mysql_real_escape_string() 。 What's happening here is that a ' is a special character, meaning MySQL will treat it as part of it's syntax, instead of treating it as a string like you want. 这里发生的是'是一个特殊字符,这意味着MySQL会将其视为其语法的一部分,而不是像您想要的那样将其视为字符串。 addslashes or mysql_real_escape_string will add a backslash \\ before all single and double quotes (and others) to make them not part of the MySQL syntax. addslashes或mysql_real_escape_string将在所有单引号和双引号(以及其他引号)之前添加反斜杠\\ ,以使其不成为MySQL语法的一部分。
解决方案3
0 2011-04-01 11:38:47
您可以使用mysql_real_escape_string($ string)来转义传入的字符串,这样'和'将被转义。
解决方案4
0 2011-04-01 11:58:02
You should bind your PHP variables, not escape them. 您应该绑定PHP变量,而不是对其进行转义。
$variable = "''''''''''''''''''";
$sth = $dbh->prepare('SELECT * FROM table WHERE column = ?');
$sth->execute(array($variable));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.