dqo88037
dqo88037
2011-02-07 17:26

如何在SQL查询中转义符号?

已采纳

In PHP-script i need to update title, content fields. If I put "@" into content I get error "Description: Incorrect syntax near '@'." I fixed with symbols ' ". Is there any solution for escaping or framework for DB layer?

I'm forced to use f**ng MS SQL :(

Code:

$conn = new COM ("ADODB.Connection")
$db_conn = $conn->open('bla-bla-password...');
$query = sprintf( "UPDATE page SET title='%s', page_content='%s' WHERE id=%d;", addslashes($title), addslashes($content), intval($id));
$rs = $db_conn->execute($query);
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • dongmi4035 dongmi4035 10年前

    Use PDO prepared statements to escape special characters … not sprintf or addslashes.

    点赞 评论 复制链接分享

相关推荐