dongxie8856 2014-10-21 10:15

PHP: Error when inserting a quotation mark into MySQL

I insert a text variable into a MySQL table. Everything works fine except when there is a quotation mark in the text. I thought that I could prevent an error by using "mysql_real_escape_string". But there is an error anyway.

My insert statement:

 $insertimage= "INSERT INTO image(filename,text,timestamp,countdown) VALUES ('$filename','$text','$timestamp','$countdown')";
 mysql_real_escape_string($insertimage);

The error message: MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1413885955514','10')' at line 1


  • doulong1987 2014-10-21 10:21

    The problem with your current code is that you have not correctly escaped the values you're trying to enter into the table.

    Better still is to avoid the mysql_* function family entirely. Those functions are now deprecated and bring security risks to the table (along with other concerns).

    You'd be better to use PDO and Prepared Statements, for example:

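    // Placeholders for the PDO constructor arguments: DSN, username, password
    $db = new PDO('param1', 'param2', 'param3');
    // The SQL text contains only named placeholders, never the values themselves
    $sql = $db->prepare( 'INSERT INTO `image` (`filename`, `text`, `timestamp`, `countdown`)
                                       VALUES (:filename, :text, :timestamp, :countdown)' );

    // The values are bound at execution time, so a quote in $text is treated as data
    $sql->execute( array(':filename' => $filename,
                         ':text' => $text,
                         ':timestamp' => $timestamp,
                         ':countdown' => $countdown )
    );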
    
    This answer was selected by the asker as the best answer.
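
The question's interpolated statement next to the answer's prepared statement, as an added example that is not part of the original posts. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL; the function names and sample captions are constructed for illustration.

```php
<?php
// Added example, not from the original post. SQLite in-memory stands in for
// MySQL so the script runs offline (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE image (filename TEXT, text TEXT, timestamp TEXT, countdown INTEGER)');

// Values are spliced into the SQL text, as in the question's statement.
function insertInterpolated(PDO $db, $filename, $text, $timestamp, $countdown)
{
    $sql = "INSERT INTO image (filename, text, timestamp, countdown)
            VALUES ('$filename', '$text', '$timestamp', '$countdown')";
    try {
        $db->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// Values travel separately from the SQL text, as in the answer's statement.
function insertPrepared(PDO $db, $filename, $text, $timestamp, $countdown)
{
    $stmt = $db->prepare('INSERT INTO image (filename, text, timestamp, countdown)
                          VALUES (:filename, :text, :timestamp, :countdown)');
    $stmt->execute(array(':filename' => $filename, ':text' => $text,
                         ':timestamp' => $timestamp, ':countdown' => $countdown));
    // Read the newest row back to confirm the text was stored unchanged.
    $stored = $db->query('SELECT text FROM image ORDER BY rowid DESC LIMIT 1')->fetchColumn();
    return $stored === $text ? 'ok, stored unchanged' : 'stored text differs';
}

// Constructed sample captions: plain, single quote, double quote.
$samples = array('plain caption', "It's a cat", 'She said "hi"');

foreach ($samples as $text) {
    // Timestamp and countdown reuse the values visible in the question's error message.
    printf("%-15s interpolated: %s\n", $text,
           insertInterpolated($db, 'cat.png', $text, '1413885955514', 10));
    printf("%-15s prepared:     %s\n", $text,
           insertPrepared($db, 'cat.png', $text, '1413885955514', 10));
}
```

Only the caption containing a single quote fails in the interpolated version, because the quote closes the string literal early; the prepared version stores all three captions as given.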