dongshuohuan5291 2014-07-08 18:17
浏览 32
已采纳

为什么mysql_real_escape_string在不应该的地方插入引号?

I have a php page that I use to import orders from a csv file into a mysql database. One varchar in the table is used for the txnid. I discovered that occasionally I'll come across a txnid that results in an "Illegal double value found during parsing" error. For example:

6L831105EP011602

is a fine value that doesn't cause any trouble.

71V72876YH791094

Again, no problems.

546635980E5898057

But this one causes the error, presumably because it is being parsed as a double.

I have tried using mysql_real_escape_string to sanitize the data, but this results in all values being prefixed with '' unless they would've been parsed as a double.

What is the correct way I should be sanitizing this data? How can I determine if a value is going to cause a parse error before I try to insert it into MySQL?

  • 写回答

1条回答 默认 最新

  • dongshaoxiong0012 2014-07-08 18:21
    关注

    mysql_real_escape_string() does NOT add quotes to a string. It ESCAPES sql metacharacters.

    e.g.

    $str1 = "Miles O'Brien";
$str2 = "546635980E5898057";
$str3 = 42;

echo mysql_real_escape_string($str1);   // output: Miles O\'Brien
echo mysql_real_escape_string($str2);   // output: 546635980E5898057
echo mysql_real_escape_string($str3);   // output: 42

    in no case would ANY escaped string suddenly come out like 'Miles O\'Brien' unless you added those quotes yourself. e.g.

    echo "'" . mysql_real_escape_string($str1) . "'";
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条
  • ¥15 LiBeAs的带隙等于0.997eV,计算阴离子的N和P
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘
  • ¥15 来真人,不要ai!matlab有关常微分方程的问题求解决,
  • ¥15 perl MISA分析p3_in脚本出错
  • ¥15 k8s部署jupyterlab,jupyterlab保存不了文件
  • ¥15 ubuntu虚拟机打包apk错误
  • ¥199 rust编程架构设计的方案 有偿
  • ¥15 回答4f系统的像差计算