Backslashing撇號，因爲他們進入數據庫

Question

解決的問題前面部分，仍然需要理解爲什麼這是行不通的，雖然:)

回覆到單獨逃避串，我有這個。

mysql_query("INSERT INTO users (firstname,surname,email,password,birthday,birthmonth,birthyear,houseno,streetname,town,country,postcode,phonenumber,singer,songwriter,producer,composer,band,instrument,instrument2,extra,confirmcode) VALUES ('".$firstname."','".$surname."','".$email."','".$password."',".$birthday.",".$birthmonth.",".$birthyear.",'".$houseno."','".$streetname."','".$town."','".$country."','".$postcode."',".$phonenumber.",".$singer.",".$songwriter.",".$producer.",".$composer.", ".$band.",'".$instrument."','".$instrument2."','".$extra."','".$rand."')", 
    mysql_real_escape_string($surname), 
    mysql_real_escape_string($firstname), 
    mysql_real_escape_string($stown), 
    mysql_real_escape_string($houseno), 
    mysql_real_escape_string($streetname), 
    mysql_real_escape_string($extra), 
    mysql_real_escape_string($email)) or die ('pood'); 
    echo $streetname; 

我得到死亡錯誤 - 所以它不會回顯$ streetname; （這應該是'Clark's Way'），並且由於它沒有被輸入到數據庫中，所以似乎沒有反斜槓。

道歉，如果我還沒有完成我的研究到你的標準，但我一直在試圖理解爲什麼這不工作幾個小時。

謝謝:)

Answer 1

mysql_query()不採取多個參數那樣。您需要在範圍內跳轉每個變量查詢的字符串。就像這樣：

... VALUES ('".mysql_real_escape_string($firstname)."','".mysql_r... 

所以，你最終的東西是這樣的：

$query = "INSERT INTO users (firstname,surname,email,password,birthday, 
birthmonth,birthyear,houseno,streetname,town,country,postcode, 
phonenumber,singer,songwriter,producer,composer,band,instrument, 
instrument2,extra,confirmcode) VALUES (
'". mysql_real_escape_string($firstname) ."', 
'". mysql_real_escape_string($surname) ."', 
'". mysql_real_escape_string($email) ."', 
'". mysql_real_escape_string($password) ."', 
'". mysql_real_escape_string($birthday) ."', 
'". mysql_real_escape_string($birthmonth) ."', 
'". mysql_real_escape_string($birthyear) ."', 
'". mysql_real_escape_string($houseno) ."', 
'". mysql_real_escape_string($streetname) ."', 
'". mysql_real_escape_string($town) ."', 
'". mysql_real_escape_string($country) ."', 
'". mysql_real_escape_string($postcode) ."', 
'". mysql_real_escape_string($phonenumber) ."', 
'". mysql_real_escape_string($singer) ."', 
'". mysql_real_escape_string($songwriter) ."', 
'". mysql_real_escape_string($producer) ."', 
'". mysql_real_escape_string($composer) ."', 
'". mysql_real_escape_string($band) ."', 
'". mysql_real_escape_string($instrument) ."', 
'". mysql_real_escape_string($instrument2) ."', 
'". mysql_real_escape_string($extra) ."', 
'". mysql_real_escape_string($rand) ."')"; 

mysql_query($query) or die (mysql_error()); 

如果對不起有一個錯字在那裏。但我認爲你明白了。

---

下面是參數化的查詢可能是如何工作的（另）例如，改編自實例in the manual：

$query = "INSERT INTO users (firstname,surname,email,password,birthday, 
birthmonth,birthyear,houseno,streetname,town,country,postcode, 
phonenumber,singer,songwriter,producer,composer,band,instrument, 
instrument2,extra,confirmcode) VALUES (
:firstname, :surname, :email, :password, :birthday, :birthmonth, 
:birthyear, :houseno, :streetname, :town, :country, :postcode, :phonenumber, 
:singer, :songwriter, :producer, :composer, :band, :instrument, :instrument2, 
:extra, :rand)"; 

// assume $dbh is your PDO database connection 
$sth = $dbh->prepare($query); 
$sth->bindParam(':firstname', $firstname); 
$sth->bindParam(':surname', $surname); 
$sth->bindParam(':email', $email); 
$sth->bindParam(':password', $password); 
$sth->bindParam(':birthday', $birthday); 
// and so on... 

$sth->execute(); 

Answer 2

錯誤歸因於反斜槓引號。刪除反斜槓，它看起來應該工作。

前：VALUES (\'Joshua\',\'Oakley\',
後：VALUES ('Joshua','Oakley',