dousikuai5417 2015-07-23 15:54 采纳率: 0%
浏览 52
已采纳

从php codeigniter发出关于mssql 2008的单引号的问题

I am doing an insert into a database where one of the columns that I am trying to escape are single quotes that a user might type. For example, it's, I am using the codeigniter framework and did the following to escape my column:

$test=$this->db->escape($test);

But I get an SQL-Server error when I submit. For example if I type it's, its trying to do this

INSERT INTO table (test) VALUES(''it''s'')

When it should be

INSERT INTO table (test) VALUES('it''s')

Why is it inserting extra single quotes?

  • 写回答

1条回答 默认 最新

  • duan198299 2015-07-23 15:58
    关注

    You are escaping your entire SQL statement when you should only be escaping the string you are inserting. For example, lets say you have the following code currently.

    $test = "INSERT INTO table (test) VALUES ('" . $value . "');";

    You should change it to be

    $test = "INSERT INTO table (test) VALUES ('" . $this->db->escape($value) . "');";

    EDIT

    As Liam pointed out, since you are using Codeigniter, you may want to also consider using the query binding they provide. See this URL for more information: https://ellislab.com/codeigniter/user-guide/database/queries.html

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 目详情-五一模拟赛详情页
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥15 cmd cl 0x000007b
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line