发表新帖
发表新帖

insert text to sqlite where text have "

前端 未结
关注
1 1397
终归单人心
终归单人心 2021-01-21 13:57

I want to read query string from URL and save them into a sqlite database I face with these Error message:

PHP Warning:  SQLite3::exec(): near ",&qu
相关标签:
1条回答
  • 感情败类
    2021-01-21 14:48

    As mentioned by @HassanAhmed, this is what happens when inputs are not properly handled; you're seeing the same issue as if someone was using SQL injection against you. The quick fix is to wrap the fields in quotation marks:

    VALUES ("Ehsan", "$Tel", date('now'), "$Content");

    What you should be doing is binding the parameters:

    $sql =<<<EOF

INSERT INTO foodordering(Fullname, Tel, RecievingTime, Content)
VALUES ("Ehsan", :tel, date('now'), :content);

EOF;

$stmt = $db->prepare($sql);
$stmt->bindValue(':tel', $_REQUEST['from']);
$stmt->bindValue(':content', $_REQUEST['text']);

$ret = $stmt->execute();
    0 讨论(0)
 看不清?
提交回复
热议问题