2012-10-31 78 views
0

我有$_POST通過PHP的形式到一個MYSQL數據庫,有像'奧哈拉'撇號,然後我斜槓。我知道mysql_real_escape_string放斜槓來防止這樣的事情,但我怎樣才能檢查一個字符串,其中有撇號的數據庫?mysql_real_escape_string和strip_slashes問題

例子:

$name = mysql_real_escape_string(stripslashes($_POST['full_name'])); 
$check = mysql_query("SELECT * FROM `stadiums` WHERE `stadium_name` LIKE '%$name%' LIMIT 0, 10") or die(mysql_error()); 

回答

1

嘗試

$name = $_POST['full_name']; 
if (get_magic_quotes_gpc()) { 
    $name = stripslashes($name); 
} 
$name = mysql_real_escape_string($name); 
$check = mysql_query("SELECT * FROM `stadiums` 
    WHERE `stadium_name` LIKE '%$name%' LIMIT 0, 10") or die(mysql_error()); 

使用stripslashes上輸入纔有效。如果magic quotes

相關問題