为什么在数据库中插入单引号的字符串会引发错误? [英] Why string with single quotes raises error when inserted in DB?

问题描述

我的问题是:如何允许在字符串中使用单引号?

My question is: How do you allow single quotes in strings?

例如，我有一个表单和一个文本框.设置它是为了允许用户输入他们的名字.从那里，它发布数据并将其馈送到数据库中.

For example, I have a form, and a text box. It is set up to allow the user to enter their name. From there, it posts and feeds the data into a database.

我需要允许使用单引号(撇号)，因为某些人的名字的名称中带有撇号，例如"O'Reilly".

I need to be able to allow single quotes (apostrophe) as some people's names have an apostrophe in their names, such as "O'Reilly".

有什么建议吗?

推荐答案

无论如何都不允许单引号.我只是假设您将其插入数据库时​​出错.这可能是由于在输入值上省略了mysql_real_escape_string().

Single quotes are not forbidden in any way. I'll simply assume that you got an error inserting it into the database. This is likely due to the omission of mysql_real_escape_string() on input values.

如果您尝试INSERT ... ('O'Reilly')，这将是SQL错误，这是SQL转义函数的全部要点.

You will get an SQL error if you try INSERT ... ('O'Reilly') which is the whole point of the SQL escaping functions.

(这就是为什么最初引入magic_quotes的原因:使SQL为新手开箱即用.-并不是特别安全.)

(This is why magic_quotes were originally introduced: to make SQL work out of the box for newcomers. - Not to make that particularly secure.)

这篇关于为什么在数据库中插入单引号的字符串会引发错误?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！