doutuzhuohao6449 2013-09-03 13:44
浏览 45

Sql Query检测撇号

I'm trying to execute a Mysql_Query, which uses an input from a Textfield POST request. Though, I am encountering the follow error if the POST request includes an apostrophe.

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''DJ Broski, DJ CJ and Wendy; Looking Chill'')' at line 1"

How am I able to resolve this? The code I use to execute the query;

            $sql = "INSERT into `gallery_pictures` (`fileName`,`caption`) VALUES ('0','$photo_caption')";
        $result = @mysql_query($sql);
  • 写回答

2条回答 默认 最新

  • douting1871 2013-09-03 13:53
    关注

    I agree with @DCoder about the needs of a modern replacement.

    As written in the other posts, in PHP there is a built-in function to be used for these purposes, but is better using parameterized queries.

    评论

报告相同问题?

悬赏问题

  • ¥15 Arduino无法同时连接多个hx711模块,如何解决?
  • ¥50 需求一个up主付费课程
  • ¥20 模型在y分布之外的数据上预测能力不好如何解决
  • ¥15 processing提取音乐节奏
  • ¥15 gg加速器加速游戏时,提示不是x86架构
  • ¥15 python按要求编写程序
  • ¥15 Python输入字符串转化为列表排序具体见图,严格按照输入
  • ¥20 XP系统在重新启动后进不去桌面,一直黑屏。
  • ¥15 opencv图像处理,需要四个处理结果图
  • ¥15 无线移动边缘计算系统中的系统模型