[英]php mysql special character escape
how to process php vars before trying to execute query? 如何在尝试执行查询之前处理php var? eg i am trying to insert text with ",' but it query couldn't execute? what is the best way to solve this with PDO class? 例如,我试图用“,”插入文本,但查询无法执行?用PDO类解决此问题的最佳方法是什么?
many thanks 非常感谢
也许您正在寻找PDO :: quote: http : //php.net/manual/en/pdo.quote.php
Take a look at both addslashes() and mysql_real_escape_string() . 看一下addslashes()和mysql_real_escape_string() 。 What's happening here is that a '
is a special character, meaning MySQL will treat it as part of it's syntax, instead of treating it as a string like you want. 这里发生的是'
是一个特殊字符,这意味着MySQL会将其视为其语法的一部分,而不是像您想要的那样将其视为字符串。 addslashes
or mysql_real_escape_string
will add a backslash \\
before all single and double quotes (and others) to make them not part of the MySQL syntax. addslashes
或mysql_real_escape_string
将在所有单引号和双引号(以及其他引号)之前添加反斜杠\\
,以使其不成为MySQL语法的一部分。
您可以使用mysql_real_escape_string($ string)来转义传入的字符串,这样'和'将被转义。
You should bind your PHP variables, not escape them. 您应该绑定PHP变量,而不是对其进行转义。
$variable = "''''''''''''''''''";
$sth = $dbh->prepare('SELECT * FROM table WHERE column = ?');
$sth->execute(array($variable));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.