为什么在数据库中插入单引号的字符串会引发错误? [英] Why string with single quotes raises error when inserted in DB?
问题描述
我的问题是:如何允许在字符串中使用单引号?
My question is: How do you allow single quotes in strings?
例如,我有一个表单和一个文本框.设置它是为了允许用户输入他们的名字.从那里,它发布数据并将其馈送到数据库中.
For example, I have a form, and a text box. It is set up to allow the user to enter their name. From there, it posts and feeds the data into a database.
我需要允许使用单引号(撇号),因为某些人的名字的名称中带有撇号,例如"O'Reilly".
I need to be able to allow single quotes (apostrophe) as some people's names have an apostrophe in their names, such as "O'Reilly".
有什么建议吗?
推荐答案
无论如何都不允许单引号.我只是假设您将其插入数据库时出错.这可能是由于在输入值上省略了mysql_real_escape_string()
.
Single quotes are not forbidden in any way. I'll simply assume that you got an error inserting it into the database. This is likely due to the omission of mysql_real_escape_string()
on input values.
如果您尝试INSERT ... ('O'Reilly')
,这将是SQL错误,这是SQL转义函数的全部要点.
You will get an SQL error if you try INSERT ... ('O'Reilly')
which is the whole point of the SQL escaping functions.
(这就是为什么最初引入
magic_quotes
的原因:使SQL为新手开箱即用.-并不是特别安全.)
(This is why
magic_quotes
were originally introduced: to make SQL work out of the box for newcomers. - Not to make that particularly secure.)
这篇关于为什么在数据库中插入单引号的字符串会引发错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!