插入过程中的撇号(Mysql) [英] apostrophe during Insert (Mysql)
问题描述
我正在通过PHP文本框获取数据,并使用普通的insert命令将其插入MySQL数据库.文本框在文本框旁为用户提供了有关特定登录ID的注释.问题是当用户输入撇号(')例如句子我们必须照顾好PC"时,会引发错误.
I am getting data though a PHP text box and inserting it into a MySQL database with a normal insert command. The text box takes in a comment frm the user for a particular Accession ID next to the text box. The problem is that when a user types in apostrophe (') for example the sentence "We have to take care of the PC's", an error is thrown.
我知道为什么会这样,因为SQL假定它为该值的字符串结尾,但我不知道如何对其进行转义.我更希望在MYSQL中转义它.
I know why its happening because the SQL assumes it as the end of the string for that value but I don't know how to escape it. I would prefer escaping it in MYSQL.
如果我在MySQL中转义它,即使没有错误生成并且插入工作正常,它仍可以用作SQL注入吗?
If I escape it in MySQL can it still be exploited as SQL injection even if no error is generated and the insert works fine?
推荐答案
使用 PDO .
这篇关于插入过程中的撇号(Mysql)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!