插入特殊字符CodeIgniter的问题
[英]Issues with inserting special characters CodeIgniter
问题描述
I am trying to insert a mysql query itself into a table field(Executing a series of queries when certain conditions met), but whenever there is any special characters in query, it is converted in to its corresponding entities. 
我正在尝试将mysql查询本身插入表字段(在满足某些条件时执行一系列查询),但是只要查询中有任何特殊字符,它都会转换为相应的实体。
For example, if Iam inserting this query to table, the quote will become " '" 例如,如果Iam将此查询插入到表中,则引号将变为“'”。 , > to > ,>到> and space to &# . 和&#的空间。 Is there any way to insert the query as it is and display in correct form . 有什么方法可以按原样插入查询并以正确的形式显示。
"select
case item_id
when 206 then '1 Column'
when 255 then '2 Columns'
end as split,
# case oi.product_id
# when 24 then 'XXXX'
# when 28 then 'CCCC'
# when 30 then 'EEEE'
# else 'Something Else'
# end as product,
case oi.price_id
when 72 then 'UYT - Single Pay'
when 73 then 'UYT - Single Pay'
when 74 then 'UYT - Single Pay'
else 'Upsell'
end as product,
count(distinct(al.cust_id)) as the_count
from logtable al
where item_id in (206,255) and
activity_dts > '2012-01-31 19:15:00' and
o.order_is_refunded = 0 and
t.response_code = 1 and
t.response_reasontext not like '%testmode%'
group by 1,2;"
Please give me suggestions or Am I missing any thing here. 请给我建议,否则我在这里想念任何东西。 The charset used by my CI installation is UTF-8. 我的CI安装使用的字符集为UTF-8。
3 个解决方案
解决方案1
0 2012-02-24 05:30:03
This function will help you add the query along with its quotes as it is, in your db. 此函数将帮助您在数据库中添加查询及其引用。
Also you can do this way, 你也可以这样
If your queries just have multiple single quotes only, then border it by double quotes: 如果您的查询仅具有多个单引号,则将其用双引号引起来:
like $tmp = "See single' quotes"; 如$tmp = "See single' quotes";
or vice-versa like: 反之亦然,例如:
$tmp = 'See double " quotes';
解决方案2
0 2012-02-24 05:31:13
Try following 尝试跟随
$data_insert = mysql_real_escape_string($values);
Also you can find it in detail http://php.net/manual/en/function.mysql-real-escape-string.php 您也可以在http://php.net/manual/en/function.mysql-real-escape-string.php中找到详细信息
解决方案3
0 已采纳 2012-02-24 06:45:08
There shouldn't be any problem with inserting your string, as it IS a string, and the database library doesn't make any character encoding by itself, afaik. 插入字符串应该没有任何问题,因为它是字符串,并且数据库库本身不会进行任何字符编码,即afaik。 What encoding are the database and the tables ? 数据库和表的编码是什么? (the connection should be UTF-8, as per default settings) (根据默认设置,连接应为UTF-8)
Since you're using the framework, you can use its methods (and not mysql_real_escape_string() or, god, addslashes()!! like suggested in other answers).This should work: 由于使用的是框架,因此可以使用其方法(而不是 mysql_real_escape_string()或上帝,addslashes()!!就像其他答案中建议的那样),这应该可以工作:
$string_query = "select
case item_id
when 206 then '1 Column'
when 255 then '2 Columns'....";
$sql = "INSERT INTO table(column) VALUES (?)";
$this->db->query($sql, array($string_query));
The query bindings automatically escapes FOR SQL, so for that you're safe (you could have used ActiveRecord with the same result). 查询绑定会自动转义FOR SQL,因此您很安全(可以将ActiveRecord用于相同的结果)。 I don't know what couldn't be working in this, surely NO FUNCTIONS encodes html. 我不知道在这种情况下不能工作,肯定没有功能对html进行编码。
Maybe you're doing the encoding somewhere else: are you sure you're not calling xss_clean() , htmlspecialchars() / htmlentities() , or you have XSS protection enabled, or you pass TRUE as second paramenter of $this->input-> ? 也许您正在其他地方进行编码: 确定没有调用 xss_clean() , htmlspecialchars() / htmlentities() ,或者启用了XSS保护,或者将TRUE作为$this->input->第二个参数传递$this->input-> ?
If all the above for some reason - for wich you didn't provide enought information - fails, you can alwasy encode everything: 如果以上所有操作由于某种原因(由于您没有提供足够的信息)而失败,则可以对所有内容进行编码:
$string_query = base64_encode("select.....");
// HERE YOU MAKE THE INSERT QUERY
and when you retrieve it, you base64_decode() the string. 当您检索它时,您将base64_decode()字符串。 But the ideal solution is not this, it should work without flaws anyway. 但是理想的解决方案不是这个,它应该可以正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.