1. 首页
  2. 问答
  3. PHP:转义字符不起作用

PHP:转义字符不起作用

2015-06-22 72 views
1

每当我尝试脱离O'Neil中的单引号时,编辑器的行为就好像它不工作(基于它使用的颜色编码),当我运行它时它也不起作用。PHP:转义字符不起作用

$query="UPDATE `users` SET `name` = 'Ian O\'Neil' WHERE id = 2 "; 
mysqli_query($link, $query);

来源

2015-06-22 Bradg89

+0

你尝试过'mysqli_real_escape_string()'吗?无论如何,我会推荐准备好的语句:MySQLI http://php.net/manual/en/mysqli.prepare.php/PDO http://php.net/manual/en/pdo.prepared-statements.php – RuubW

回答

0

我测试如下其工作,请检查:

$link = new mysqli("localhost", "username", "password", "database"); 

/* check connection */ 
if ($link->connect_errno) { 
    printf("Connect failed: %s\n", $link->connect_error); 
    exit(); 
} 

$query="UPDATE `users` SET `name` = 'Ian O\'Neil' WHERE id = 2 "; 
mysqli_query($link, $query);

来源

2015-06-22 07:19:17 AnkiiG

0

我得到一个很好的资源来回答你的问题。 消息人士表示,你应该使用

mysqli_real_escape_string从源头功能 例如:

<?php 
$link = mysqli_connect("localhost", "my_user", "my_password", "world"); 

/* check connection */ 
if (mysqli_connect_errno()) { 
    printf("Connect failed: %s\n", mysqli_connect_error()); 
    exit(); 
} 

mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City"); 

$city = "'s Hertogenbosch"; 

/* this query will fail, cause we didn't escape $city */ 
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) { 
    printf("Error: %s\n", mysqli_sqlstate($link)); 
} 

$city = mysqli_real_escape_string($link, $city); 

/* this query with escaped $city will work */ 
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) { 
    printf("%d Row inserted.\n", mysqli_affected_rows($link)); 
} 

mysqli_close($link); 
?>

这是源: http://php.net/manual/en/mysqli.real-escape-string.php

您可能需要阅读它。

谢谢我希望这可以帮助

来源

2015-06-22 07:20:18

相关问题

 相关问题