[英]How to correctly sanitize mssql query that stores emails
我有一個查詢轉到郵箱並嘗試將所有電子郵件保存在表中。 它適用於大多數情況,但在電子郵件內容值具有雙引號或單引號時失敗。 如何修改我的代碼以正確插入所有查詢?
$num = imap_num_msg($imap);
if($num > 0)
{
for($b = $num; $b > 0; $b--)
{
$body = $this->get_part($imap, $b, "TEXT/HTML");
if($body == "")
{
$body = $this->get_part($imap, $b, "TEXT/PLAIN");
}
$header = imap_headerinfo($imap, $b);
$subject = $header->subject;
$fromaddress = $header->fromaddress;
$body = str_replace("'", "''", $body);
//$body = str_replace("\"", "\"\"", $body);
$sql3 = "INSERT INTO [tbl_test] (content)
VALUES ('".$body."')";
$result3 = mssql_query($sql3, $dbh1);
}
}
后來我得到這些錯誤:
警告:mssql_query():message:字符串后面的未閉合引號'請調查以下為什么......
警告:mssql_query():常規SQL Server錯誤:在第38行的/var/www/testing.php中檢查來自SQL Server的消息(嚴重級15)
您想要使用參數:
$query = "INSERT INTO test (email, body) VALUES (?,?);";
$arrParams[]="my@domain.com";
$arrParams[]="My email body has quotes\'s or double quotes \" in it.";
$resource=sqlsrv_query($conn, $query, $arrParams);
來源: sqlsrv_query
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.