I am trying to create some SQL insert statements and a few variables have names like the following:
"Aamma's Pastries"
I want to escape the quote (') as I am adding the value into the MySQL database. How do I do that with PHP?
使用撇号为MySQL插入转义值
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
4条回答 默认 最新
- duanbi1983 2010-11-30 05:42关注
You've already accepted an answer, but I'd like to suggest a better approach to you. Using an approach like mysql_real_escape_string requires you to consistently remember to apply it every single time in every single query; it's tedious and error prone.
A more simple approach, which also ensures consistency is to use parameterised statements. This ensures that everything is correctly escaped, and also avoids you having to embed variables in your queries.
In PHP, this can be used with the newer PDO or MySQLi libraries. Of these, I prefer PDO for the flexibility it provides (e.g. I'm currently stuck with MySQL, but I don't intend to keep my app running that way forever, and with PDO the migration will be massively simplified), but there are plenty of questions here on SO that cover the pros and cons of each.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享
- 2010-11-30 04:41回答 4 已采纳 You've already accepted an answer, but I'd like to suggest a better approach to you. Using an app
- 2015-08-25 23:54回答 1 已采纳 $title = mysqli_real_escape_string($title);// add another parameter for connection For example
- 2017-12-09 09:00回答 2 已采纳 Hi Landon have you tried this 'mysqli_real_escape_string' function ? string mysqli_real_escape_
- 2023-02-26 16:09★ Skyman·Curry_的博客 对mysql数据库的知识点总结,以便自己后续复习使用
- 2015-11-05 09:45回答 2 已采纳 $query="UPDATE users SET password = '".mysql_real_escape_string($password_md5)."' WHERE username =
- 回答 3 已采纳 例如 输入 1 and true select * from table where id = 1 and true; select * from table where id = '1
- 2017-09-16 04:59回答 1 已采纳 Try the code from this example: $str ='abc <120> 890'; $str = str_ireplace(['<', '>']
- 2018-07-24 20:03砖业洋__的博客 全网最详细MySQL教程,2023持续更新中
- 2014-11-25 09:37回答 1 已采纳 it is not working … the strings like />., still can be enter in the sql database It is wor
- 2022-06-15 16:08回答 1 已采纳 在实体类中,居然在set方法中把_替换成了\_
- 2016-03-12 09:05回答 3 已采纳 直接改名字吧,换成 _
- 2023-02-22 11:55m0_74377380的博客 MySQL
- 2014-10-28 17:28回答 1 已采纳 The solution to this is using stripslashes() before displaying the output $text = "Don\'t use mys
- 2024-03-31 23:09IT机器猫的博客 MYSQL所有知识点汇总,更全面
- 2021-10-22 08:00sufu1065的博客 近日,Facebook 官博公布了他们的数据库版本从 MySQL 5.6 升级到了 MySQL 8.0,并且在官博记录了复盘详细的升级过程。Facebook 称,他们最近的一次大版本升级到...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 使用C#,asp.net读取Excel文件并保存到Oracle数据库
- ¥15 C# datagridview 单元格显示进度及值
- ¥15 thinkphp6配合social login单点登录问题
- ¥15 HFSS 中的 H 场图与 MATLAB 中绘制的 B1 场 部分对应不上
- ¥15 如何在scanpy上做差异基因和通路富集?
- ¥20 关于#硬件工程#的问题,请各位专家解答!
- ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
- ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
- ¥30 截图中的mathematics程序转换成matlab
- ¥15 动力学代码报错,维度不匹配