-1
將數據(文本和HTML格式)插入到mysql字段LONGTXT中時出現問題。 這裏是錯誤將數據插入到數據庫中:text和html格式
public 'error' => string 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''<p>
Haec subinde Constantius audiens et quaedam referente Thalassio doc' at line 1' (length=226)
錯誤和幾乎清楚。我用保護的所有功能(編碼格式,報價,禁用HTML ...) 我想到了另外一個辦法,我創建了兩個函數處理逗號,分號和斜槓 下面是函數和addslashes的代碼:
FUNCTION addText($txt)
{
IF(get_magic_quotes_gpc()==false)
{
RETURN utf8_encode(addslashes($txt));
}else{
RETURN utf8_encode($txt);
}
}
保護逗號功能:
FUNCTION protect_virgules($txt)
{
IF($txt!='')
{
$x = strlen($txt);
$newTxt = '';
FOR($i=0;$i<=$x;$i++)
{
IF($txt[$i]==',' || $txt[$i] == ';')
{
$newTxt.= '\\'.$txt[$i];
}
else
{
$newTxt.=$txt[$i];
}
}
RETURN htmlentities($newTxt);
}
else
RETURN '0';
}
插入PHP函數:
public function insert($table,$data){
$this->last_insert_id = NULL;
$fields = "";
$values = "";
foreach($data as $fld => $val){
$values .= trim($this -> escape($val)).",";
$fields .= $fld.",";
}
$values = '"'.substr($values,0,strlen($values)-1).'"';
$fields = '"'.substr($fields,0,strlen($fields)-1).'"';
$tab=array($this->escape($table),$fields,$values,"@last_id");
$this->CALL_SP("sp_insert",$tab);
if ($result = mysqli_query($this->linkId, "SELECT @last_id AS last_inserted_id")) {
while ($row = mysqli_fetch_assoc($result))
{
$this->last_insert_id = $row['last_inserted_id'];
}
}
return $this->queryId;
}
插入SQL PROC代碼:
BEGIN
SET @stmt_sql=CONCAT("INSERT INTO ", tableName, " (",fields,")VALUES(", param ,")");
PREPARE stmt FROM @stmt_sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
SELECT LAST_INSERT_ID() into last_id;
END
語法錯誤總是抓住我的喉嚨。 你能幫我嗎?
發佈執行的實際SQL查詢。 –
另外,嘗試通過'mysqli_real_escape_string()'傳遞數據。 –
在函數中使用函數escape($ values。= trim($ this - > escape($ val)...使用mysqli_real_escape_string()返回字符串 –