当我的插入查询包含引号(例如Kellog's)时,它无法插入记录.
错误味精:
您的SQL语法有错误; 查看与您的MySQL服务器版本相对应的手册,以便在's','Corn Flakes 170g','$ 15.90','$ 15.90','$ 14.10',' - '''附近使用正确的语法1MySQL更新错误:
第一's',应该是Kellogg's.
有什么解决方案吗?
She*_*hef 17
用反斜杠逃脱报价.喜欢'Kellogg\'s'.
这是你的功能,使用mysql_real_escape_string:
function insert($database, $table, $data_array) {
// Connect to MySQL server and select database
$mysql_connect = connect_to_database();
mysql_select_db ($database, $mysql_connect);
// Create column and data values for SQL command
foreach ($data_array as $key => $value) {
$tmp_col[] = $key;
$tmp_dat[] = "'".mysql_real_escape_string($value)."'"; // <-- escape against SQL injections
}
$columns = join(',', $tmp_col);
$data = join(',', $tmp_dat);
// Create and execute SQL command
$sql = 'INSERT INTO '.$table.'('.$columns.')VALUES('. $data.')';
$result = mysql_query($sql, $mysql_connect);
// Report SQL error, if one occured, otherwise return result
if(!$result) {
echo 'MySQL Update Error: '.mysql_error($mysql_connect);
$result = '';
} else {
return $result;
}
}
小智 5
mysql用。。。来代替mysqli。用这个
mysqli_real_escape_string($connection,$_POST['Description'])