dousikuai5417 2015-07-23 15:54 采纳率: 0%
浏览 52
已采纳

从php codeigniter发出关于mssql 2008的单引号的问题

I am doing an insert into a database where one of the columns that I am trying to escape are single quotes that a user might type. For example, it's, I am using the codeigniter framework and did the following to escape my column:

$test=$this->db->escape($test);

But I get an SQL-Server error when I submit. For example if I type it's, its trying to do this

INSERT INTO table (test) VALUES(''it''s'')

When it should be

INSERT INTO table (test) VALUES('it''s')

Why is it inserting extra single quotes?

  • 写回答

1条回答 默认 最新

  • duan198299 2015-07-23 15:58
    关注

    You are escaping your entire SQL statement when you should only be escaping the string you are inserting. For example, lets say you have the following code currently.

    $test = "INSERT INTO table (test) VALUES ('" . $value . "');";

    You should change it to be

    $test = "INSERT INTO table (test) VALUES ('" . $this->db->escape($value) . "');";

    EDIT

    As Liam pointed out, since you are using Codeigniter, you may want to also consider using the query binding they provide. See this URL for more information: https://ellislab.com/codeigniter/user-guide/database/queries.html

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度