mssql_escape保存双撇号

I am using the function below to escape my string before it is inserted into the DB. Though it actually inserts the double apostrophe into the database, and when I print it out it still has the double apostrophe. What is the right way to print the value out with the original single apostrophe?

function mssql_escape($var){
    if(get_magic_quotes_gpc()){
        $var = stripslashes($var);
    }
    return str_replace("'", "''", $var);
}

写回答
好问题 0 提建议
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douxun4860 2015-03-11 12:14
关注
Because you are using a parameterised statement there is no need to double up the single quotes. This is the right way of doing things and is generally safe from SQL Injection attacks.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

mssql_escape保存双撇号

1条回答 默认 最新

1条回答默认最新