這是mysqlquery在MySQL查詢中使用特殊字符拋出異常
SELECT course_id
FROM course_master
WHERE year_id = '6'
AND course_name = ''What is Test?': Perspectives'
當我運行查詢,它拋出,因爲特殊字符的語法錯誤problem.Iam使用函數mysql_escape_string逃跑,但它不working.How到轉義這些字符
當執行一個查詢並且一個值有單引號時,加倍單引號所以不會出錯。
SELECT course_id
FROM course_master
WHERE year_id = '6'
AND course_name = '''What is Test?'': Perspectives'
但是如果你在PHP上這樣做,請使用PreparedStatement。這也會阻止從SQL Injection。下面的文章將告訴你如何使用PHP Extensions.
嘗試此查詢 -
SELECT course_id
FROM course_master
WHERE year_id = 6
AND course_name = '''What is Test?'': Perspectives'
或使用轉義 -
SELECT course_id
FROM course_master
WHERE year_id = 6
AND course_name = '\'What is Test?\': Perspectives'
我使用mysql_esca pe_string來逃脫,但它不工作。
您錯了。你只需要格式化字符串值,而不是整個查詢
// here are your variables
$year = 6;
$name = "'What is Test?': Perspectives";
// let's format them
$year = intval($year);
$name = mysql_real_escape_string($name);
// and then insert in a query
$sql = "SELECT course_id FROM course_master
WHERE year_id = $year AND course_name = '$name'";
嗨Iam以這種方式使用但不工作$ sql =「select course_id from course_master where year_id ='」。$ year。「'and course_name ='」。$ this-> sanitiseData($ module_name)。「'」 ; public data sanitiseData($ data) \t { \t \t $ data = mysql_escape_string($ data); \t \t return $ data; \t} – 2013-02-14 13:22:50
現在我感興趣的是你如何逃避該字符串...你能提供該代碼嗎? – Najzero 2013-02-14 13:10:00
請顯示實際的PHP代碼;沒有它,我們不能給你準確的幫助。 – SDC 2013-02-14 13:18:49
您好實際的代碼是$ sql =「select course_master from course_master where year_id ='」。$ year。「'and course_name ='」。$ this-> sanitiseData($ course_name)。「'」; $ course_id = $ this - > _ dbAdapter-> fetchOne($ sql); ($ data) public function sanitiseData($ data) { $ data = mysql_escape_string($ data); 返回$ data; } – 2013-02-14 13:28:08