php mysql special character escape
Question
how to process php vars before trying to execute query? eg i am trying to insert text with ",' but it query couldn't execute? what is the best way to solve this with PDO class?
many thanks
4 answers
solution1
5 ACCPTED 2011-04-01 11:37:37
也许您正在寻找PDO :: quote: http : //php.net/manual/en/pdo.quote.php
solution2
0 2011-04-01 11:38:43
Take a look at both addslashes() and mysql_real_escape_string() . What's happening here is that a ' is a special character, meaning MySQL will treat it as part of it's syntax, instead of treating it as a string like you want. addslashes or mysql_real_escape_string will add a backslash \\ before all single and double quotes (and others) to make them not part of the MySQL syntax.
solution3
0 2011-04-01 11:38:47
您可以使用mysql_real_escape_string($ string)来转义传入的字符串,这样'和'将被转义。
solution4
0 2011-04-01 11:58:02
You should bind your PHP variables, not escape them.
$variable = "''''''''''''''''''";
$sth = $dbh->prepare('SELECT * FROM table WHERE column = ?');
$sth->execute(array($variable));
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.