发表新帖
发表新帖

PHP/MySQL - SQL syntax error?

后端 未结
关注
3 1828
予麋鹿
予麋鹿 2021-01-27 16:11

Now when I submit the character \' I get the following error listed below other then that everything is okay when I submit words. I am using htmlentities()

3条回答
  • 佛祖请我去吃肉
    佛祖请我去吃肉 (楼主)
    2021-01-27 16:42

    You need to escape the strings you are sending in your SQL queries.

    For that, you can use the mysql_real_escape_string function.

    For instance, your code might look like this (not tested, but something like this should do the trick) :

    $str = "abcd'efh";
$sql_query = "insert into my_table (my_field) values ('" 
  . mysql_real_escape_string($str)
  . "')";
$result = mysql_query($sql_query);


    Another solution (Will require more work, though, as you'll have to change more code) would be to use prepared statements ; either with mysqli_* or PDO -- but not possible with the old mysql_* extension.


    Edit : if this doesn't work, can you edit your question, to give us more informations ? Like the piece of code that causes the error ?

    0 讨论(0)
 看不清?
提交回复
热议问题