尝试在数据库中查找和替换 javascript 时，为什么会在 SQL 中收到错误消息 [英] Why do I receive an error in SQL when trying to find and replace javascript within a database

问题描述

我正在尝试在 phpMyAdmin 中运行查找和替换，因为愚蠢的黑客在我设计的网站中插入了一个数据库.我正在寻找出现在 600 多个不同帖子中的特定文本字符串:

I'm trying to run a find and replace in phpMyAdmin because stupid hackers have inserted a db in a website I designed. I'm looking for this specific string of texts that appears in 600+ different posts:

<script src='https://hotopponents.site/site.js' type='text/javascript'></script>

我不断收到此错误:

错误:未知标点字符串@ 67

ERROR: Unknown Punctuation String @ 67

这是正在尝试运行的 SQL 查询查找和替换；

This is the SQL Query find and replace is trying to run;

SELECT `post_content`, REPLACE(`post_content`, '<script src='https://hotopponents.site/site.js' type='text/javascript'></script>', ''), COUNT(*) FROM `db709131568`.`wp_posts` WHERE `post_content` LIKE '%<script src='https://hotopponents.site/site.js' type='text/javascript'></script>%' COLLATE utf8_bin GROUP BY `post_content` ORDER BY `post_content` ASC

除了手动编辑 600 多个单独的内容字符串，我还能做什么?

Whats can I do besides manually edit 600+ individual strings of content?

推荐答案

您需要通过将单引号加倍来对它们进行转义.

You need to escape the single quotes by doubling them.

SELECT `post_content`, REPLACE(`post_content`, '<script src=''https://hotopponents.site/site.js'' type=''text/javascript''></script>', ''), COUNT(*) FROM `db709131568`.`wp_posts` WHERE `post_content` LIKE '%<script src=''https://hotopponents.site/site.js'' type=''text/javascript''></script>%' COLLATE utf8_bin GROUP BY `post_content` ORDER BY `post_content` ASC

(说到转义，您也可以考虑在显示用户输入的内容时使用 HTML 转义.)

(Speaking of escapes, you might also consider using HTML escapes when displaying user entered content.)

这篇关于尝试在数据库中查找和替换 javascript 时，为什么会在 SQL 中收到错误消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！