我试图在数据库(mysql)中插入数据但是当我尝试使用单引号或双引号添加数据时不成功.否则工作正常(不带引号).我知道我们必须mysql_real_escape_string在这种情况下使用.但我正在使用joomla框架,这个功能不起作用.
我的代码如下:
function insert($table, $array) {
$db = JFactory::getDBO();
$query = "INSERT INTO ".$table;
$fis = array();
$vas = array();
foreach($array as $field=>$val) {
if(is_array($val)){
$x= implode(",",$val);
}
else
{
$x=$val;
}
$fis[] = "`$field`";//you must verify keys of array outside of function;
//unknown keys will cause mysql errors;
//there is also sql injection risc;
$vas[] = "'".$x."'";
}
$query .= " (".implode(", ", $fis).") VALUES (".implode(", ", $vas).")";
$db->setQuery($query);
$db->query();
}
insert('#__storage_companies',JRequest::get( 'post' ));
请告诉我如何摆脱这个.