使用mysql_real_escape_string()函数的SQL查询问题 [英] SQL Query problem using mysql_real_escape_string() function
问题描述
Hi Friends
我正在使用PHP,MySql Web应用程序.但是我使用mysql_real_escape_string函数遇到严重错误
例如:
我的SQL查询是
Hi Friends
I am working on a PHP, MySql web application. But I am confronting a critical error using mysql_real_escape_string function
For Example:
My SQL Query is
$query = "Select * from tbl_name where field_name = ''Pirates''";
从mysql_real_escape_string()函数传递后,此查询变为
after passing it from mysql_real_escape_string() function this query becomes
$query = "Select * from tbl_name where field_name = \''Pirates\''";
因此,尽管数据库中存在海盗",但现在它已变成海盗".因此,当我运行此查询时,它没有任何记录.
注意:如果我搜索任何数据类型为数字的字段,此查询将为我提供正确的结果. (因为没有引号用于数字数据)
So now although ''Pirates'' exists in my database but now it has become \''Pirates\''. Therefore when I run this query it gives me no record.
Note: If i search any field whose data type is numeric, this query gives me the correct result. (Because no quote is used for a numeric data)
Can some one has the solution for this problem?
推荐答案
query =从tbl_name中选择*,其中field_name =" Pirates";
query = "Select * from tbl_name where field_name = ''Pirates''";
从mysql_real_escape_string()函数传递后,此查询变为
after passing it from mysql_real_escape_string() function this query becomes
query = "Select * from tbl_name where field_name = \''Pirates\''";
query = "Select * from tbl_name where field_name = \''Pirates\''";
因此,尽管数据库中存在海盗",但现在它已变成海盗".因此,当我运行此查询时,它没有任何记录.
注意:如果我搜索任何数据类型为数字的字段,此查询将为我提供正确的结果. (因为没有引号用于数字数据)
有人可以解决这个问题吗?
So now although ''Pirates'' exists in my database but now it has become \''Pirates\''. Therefore when I run this query it gives me no record.
Note: If i search any field whose data type is numeric, this query gives me the correct result. (Because no quote is used for a numeric data)
Can some one has the solution for this problem?
此功能旨在对SQL查询中要编码的组件进行编码,而不是将其应用于整个SQL语句!请在此处进行RTFM: http://php.net/manual/en/function.mysql- real-escape-string.php [ ^ ].
它显示了如何正确使用它的示例.
祝您编码愉快!
This function is meant to encode components that go into an SQL query and is not to be applied to the whole SQL statement! Please RTFM here: http://php.net/manual/en/function.mysql-real-escape-string.php[^].
It shows an example on how to use it correctly.
Happy coding!
这篇关于使用mysql_real_escape_string()函数的SQL查询问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!