how to process php vars before trying to execute query? eg i am trying to insert text with ",' but it query couldn't execute? what is the best way to solve this with PDO class?
many thanks
也许您正在寻找PDO :: quote: http : //php.net/manual/en/pdo.quote.php
Take a look at both addslashes() and mysql_real_escape_string() . What's happening here is that a '
is a special character, meaning MySQL will treat it as part of it's syntax, instead of treating it as a string like you want. addslashes
or mysql_real_escape_string
will add a backslash \\
before all single and double quotes (and others) to make them not part of the MySQL syntax.
您可以使用mysql_real_escape_string($ string)来转义传入的字符串,这样'和'将被转义。
You should bind your PHP variables, not escape them.
$variable = "''''''''''''''''''";
$sth = $dbh->prepare('SELECT * FROM table WHERE column = ?');
$sth->execute(array($variable));
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.