stackoom
  简体   繁体   中英

How do I use an array with a value with a single quote in a MySQL query?

 原文  2016-12-08 18:35:37       php/ mysql

Question

mysql_query("INSERT INTO objects(objId, objectId, objectCategory, SortOrder, Name) VALUES('{$obj_id}', '{$object_id}', '{$object_category}', '{$sortorder}', 'My " . $objecta['Name'] . "')")or die(mysql_error());

This code fails when $objecta['Name'] has a single quote in it. I can't seem to be able to quote everything so that it works even if $objecta['Name'] has a single quote in it.

1 answers

solution1
 1 ACCPTED  2016-12-08 18:38:29

Two things:

1) You should escape your input. mysql_real_escape_string($objecta['Name']) This ensures that things like the ' character are escaped, ie \\' which allows the insert to happen.

2) mysql_* extension is deprecated and you should really at least use mysqli_* or pdo or another database driver. Using prepared statements in one of these other database drivers accomplishes the same as what I said above.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how can handle single quote in mysql query How to query an array of data that has a Single quote? Single quote, Double quote and Mysql Query with PHP PHP : how to use mysql prepare statement inside single quote How do you match a string with single quote in mysql from php How do I query mysql data with array How do I use mysql column contents as index (key) to php array in mySql query? Escape single quote mysql query in php MySQL Query multiple results into a single value Array I have an array of integers, how do I use each one in a mysql query (in php)?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM