Codeigniter活动记录使用单引号插入查询
[英]Codeigniter active records insert query with single quotes
问题描述
I am trying to add a single record to a database table using codeigniter active records. 
我正在尝试使用codeigniter活动记录将单个记录添加到数据库表中。 The original data is parsed from XML and I have tested that the data is stored present and correct in its respective variable names. 原始数据是从XML解析的,我已经测试了数据是否存在并在其相应的变量名中正确无误。
The data is passed from the controller to the view like this: 数据从控制器传递到视图,如下所示:
$data['questionId'] = $question['id'];
$data['answerText'] = $question->answer;
$q = $this->mobile_user_model->save_actual_answers($data);
And the model insert function looks like this: 模型插入函数如下所示:
function save_actual_answers($data) {
$insert = array(
'answerText' => $data['answerText'],
'responseId' => $data['responseId'],
'questionId' => $data['questionId']
);
$q = $this->db->insert('actual_answers', $insert);
return $q;
}
The problem I am having is that codeigniter is not automatically adding single quotes to the string value supplied for answerText. 我遇到的问题是codeigniter不会自动将单引号添加到为answerText提供的字符串值中。 When I run the function, I get this error: 运行该函数时,出现以下错误:
Error Number: 1054
Unknown column 'Dan' in 'field list'
INSERT INTO `actual_answers` (`answerText`, `responseId`, `questionId`)
VALUES (Dan, 12, 7)
This tells me that the value for answerText (in this case the value Dan) is trying to be entered into the table by codeigniter without the single quotes. 这告诉我,answer.text的值(在这种情况下,值为Dan)正试图由codeigniter输入到表中而没有单引号。 However, if I hardcode the single quotes myself and append them to the answerText data, like so: 但是,如果我自己对单引号进行硬编码并将其附加到answerText数据中,如下所示:
'answerText' => "'" . $data['answerText'] . "'"
the query runs successfully, but the single quotes are added with the string into the table, so the record in the database looks like this: 查询成功运行,但是单引号与字符串一起添加到表中,因此数据库中的记录如下所示:
'Dan' 12 7
Has anybody come across this problem before, or am I doing something drastically wrong which I can't see? 有人以前遇到过这个问题吗,还是我在做一些我看不到的大错?
2 个解决方案
解决方案1
3 已采纳 2012-02-28 02:44:10
$data['questionId'] = $question['id'];
$data['answerText'] = $question->answer;
These two lines seem questionable to me. 这两行对我来说似乎令人怀疑。 First line, $question is an array and onto the second line, question is an object getting the property answer?! 第一行,$ question是一个数组,第二行,问题是一个对象,获取属性答案?! Are you sure you do not get any php error in the log? 您确定您的日志中没有任何PHP错误吗?
Also, in the active record insert documentation, it is stated very clearly Note: All values are escaped automatically producing safer queries. 另外,在活动记录插入文档中,它也非常清楚地指出:注意:所有值都会自动转义,从而产生更安全的查询。 You should really find out if you have did any modification because from the question, there is not much to guess from. 您应该真正确定您是否进行了任何修改,因为从这个问题出发,您没有什么可猜测的。 I think you should quote using the library escape function rather than quote yourself. 我认为您应该使用库转义功能来引用而不是自己引用。 Something like 就像是
$insert = array(
'answerText' => $this->db->escape_str(data['answerText']),
'responseId' => $data['responseId'],
'questionId' => $data['questionId']
);
解决方案2
3 2012-02-28 18:35:39
Thanks for the answer. 感谢您的回答。 The reason that the code is like that is because the id is an attribute of question and the answer is child element of question in the XML. 代码之所以这样,是因为id是XML中问题的属性,而答案是XML中问题的子元素。 It is correct. 它是正确的。 I actually fixed it like this: 我实际上是这样修复的:
$insert = array(
'answerText' => (string)$data['answerText'], // Needed to declare it was a string
'responseId' => $data['responseId'],
'questionId' => $data['questionId']
);
It seems like a hack to me, but it worked. 对我来说,这似乎是一种技巧,但确实有效。 The thing is, I have used this insert array in other parts of the project for inserting strings without this declaration and it works fine. 事实是,我在项目的其他部分中使用了这个插入数组来插入没有此声明的字符串,并且效果很好。 I am not sure why in this case it didn't. 我不确定在这种情况下为什么没有。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.