[英]How to escape quotes in this case?
我希望在作为函数参数传递的字符串中用“\\ n”替换任何CHAR(10)之后返回一个新字符串:
function executerCalcul($initial_string)
{
$ret = "";
$conn = new mysqli(BDD_SERVER, BDD_USER, BDD_PWD, BDD_NAME);
if ($conn->connect_error) {
trigger_error('Database connection failed: ' . $conn->connect_error, E_USER_ERROR);
}
if (stripos($initial_string, "'") === false)
$sql = "SELECT REPLACE('$initial_string', char(10 using utf8),'\n') as resultat";
else
{
// how to write correctly $sql here because we are here in the case when there are single quotes inside the string parameter
}
$rs = $conn->query($sql);
if($rs === false) {
trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
} else {
$rows_returned = $rs->num_rows;
}
$rs->data_seek(0);
while($row = $rs->fetch_assoc()) {
$ret .= $row['resultat'];
}
$rs->free();
return $ret;
}
那么如果字符串参数包含单引号,如何转义单引号?
在SQL
标准中,应使用双引号 '' 。
但仍然存在mysql_real_escape_string
函数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.