// inserting into DB from form
if (!empty($_POST['Title'])) {
$t = mysqli_real_escape_string($dbc, ($_POST['Title']));
} else {
$errors[] = 'Please enter a Headline title';
}
// Add the news to the database:
$q = 'INSERT INTO news (Title, Content) VALUES (?, ?)';
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_bind_param($stmt, 'ss', $t, $c);
mysqli_stmt_execute($stmt);
mysqli_real_escape_string如果$ T包含撇號如檢索從MySQL
We're awesome
它會在以後添加到DB作爲
"we\'re awesome"
上:
我如何然後運行一個查詢,其中title = $ t
$q = "SELECT * FROM news WHERE title= '$t'";
查詢,因爲撇號切SQL斷有效
SELECT * FROM news WHERE title = ' we're awesome
你確定你在說什麼嗎? :)有一些錯覺。你告訴我們它正在插入'我們很棒',所以聲明必須是'SELECT * FROM news WHERE title ='我們真棒'。不是嗎? P.S .:爲什麼不能:'$ q =「選擇*從新聞WHERE title =?」'; '$ stmt = mysqli_prepare($ dbc,$ q); mysqli_stmt_bind_param($ stmt,'s',$ row ['title']); mysqli_stmt_execute($ stmt);' –