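Is there a function in PHP that adds quotes to a string? Surrounding a string with quotes
Like "'".str."'"
This is for a SQL query with VARCHARs. I searched a little, without result...
I did the following: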
$id = "NULL";
$company_name = $_POST['company_name'];
$country = $_POST['country'];
$chat_language = $_POST['chat_language'];
$contact_firstname = $_POST['contact_firstname'];
$contact_lastname = $_POST['contact_lastname'];
$email = $_POST['email'];
$tel_fix = $_POST['tel_fix'];
$tel_mob = $_POST['tel_mob'];
$address = $_POST['address'];
$rating = $_POST['rating'];
$company_name = "'".mysql_real_escape_string(stripslashes($company_name))."'";
$country = "'".mysql_real_escape_string(stripslashes($country))."'";
$chat_language = "'".mysql_real_escape_string(stripslashes($chat_language))."'";
$contact_firstname = "'".mysql_real_escape_string(stripslashes($contact_firstname))."'";
$contact_lastname = "'".mysql_real_escape_string(stripslashes($contact_lastname))."'";
$email = "'".mysql_real_escape_string(stripslashes($email))."'";
$tel_fix = "'".mysql_real_escape_string(stripslashes($tel_fix))."'";
$tel_mob = "'".mysql_real_escape_string(stripslashes($tel_mob))."'";
$address = "'".mysql_real_escape_string(stripslashes($address))."'";
$rating = mysql_real_escape_string(stripslashes($rating));
$array = array($id, $company_name, $country, $chat_language, $contact_firstname,
$contact_lastname, $email, $tel_fix, $tel_mob, $address, $rating);
$values = implode(", ", $array);
$query = "insert into COMPANIES values(".$values.");";
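General tip: always name the columns you insert values into. With only "insert into COMPANIES values(".$values.")", your query will break if you change the structure of the table, put the parameters in the wrong order, or don't supply enough parameters. – chelmertz 2010-02-21 01:11:18
Here is a good PDO resource: http://www.kitebird.com/articles/php-pdo.html. Also, I agree with the other posts here: prepared statements are in every respect a superior way of supplying queries. – JAL 2010-02-21 02:14:40
Don't use 'stripslashes()' without checking the magic quotes gpc setting. You can easily wrap it in a custom 'get_string()' function. – BalusC 2010-02-21 04:32:31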
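
The named-column, prepared-statement approach that the comments recommend, written out as an added example that is not part of the original thread. The column names are assumed to match the form field names, and an in-memory SQLite database stands in for the MySQL server so the script runs on its own.

```php
<?php
// Added example. Column names are assumed to match the form field names;
// an in-memory SQLite database stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE COMPANIES (id INTEGER PRIMARY KEY, company_name TEXT,
    country TEXT, chat_language TEXT, contact_firstname TEXT,
    contact_lastname TEXT, email TEXT, tel_fix TEXT, tel_mob TEXT,
    address TEXT, rating INTEGER)');

// Fixed list of columns: only these keys are ever read from the request.
const COLUMNS = ['company_name', 'country', 'chat_language', 'contact_firstname',
    'contact_lastname', 'email', 'tel_fix', 'tel_mob', 'address', 'rating'];

function insertCompany(PDO $pdo, array $input): int
{
    // rating is numeric, so validate it rather than escape it.
    $rating = filter_var($input['rating'] ?? null, FILTER_VALIDATE_INT);
    if ($rating === false) {
        throw new InvalidArgumentException('rating must be an integer');
    }
    $params = [];
    foreach (COLUMNS as $col) {
        $params[":$col"] = $input[$col] ?? null;
    }
    $params[':rating'] = $rating;

    // Columns are named; values go in as bound parameters, not hand-quoted.
    $sql = 'INSERT INTO COMPANIES (' . implode(', ', COLUMNS) . ') VALUES (:'
         . implode(', :', COLUMNS) . ')';
    $pdo->prepare($sql)->execute($params);
    return (int) $pdo->lastInsertId();
}

// Constructed input standing in for $_POST.
$post = ['company_name' => "O'Reilly & Sons", 'country' => 'IE',
    'chat_language' => 'en', 'contact_firstname' => 'Ann',
    'contact_lastname' => "D'Arcy", 'email' => 'ann@example.com',
    'tel_fix' => '', 'tel_mob' => '', 'address' => '1 Main St', 'rating' => '4'];
$id = insertCompany($pdo, $post);
$stmt = $pdo->prepare('SELECT company_name, rating FROM COMPANIES WHERE id = ?');
$stmt->execute([$id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo $row['company_name'], ' / rating ', $row['rating'], PHP_EOL;
try {
    insertCompany($pdo, ['rating' => '4 OR 1=1'] + $post);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Values containing single quotes are stored unchanged without any manual quoting, and the unquoted numeric field is checked as an integer before it reaches the statement.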