mysql_real_escape_string和单引号 [英] mysql_real_escape_string and single quote
问题描述
所以,当插入数据库时,我做: p>
$ lname = mysql_real_escape_string($ _ POST ['lname']);
然后我将$ lname插入数据库。
当它在数据库中时,它显示为O\Connor。
所以,如果我记得我的Web应用程序中的姓氏,我将必须使用:
$ lname = stripslashes($ r [lname]);
这一切似乎都可以正常工作。但是,我有一个搜索功能,将搜索姓氏并显示结果。当我搜索时,我必须搜索O\Connor才能获得任何结果。
在我搜索后,文本框会自动存储刚刚搜索(使用会话)。所以我的代码是这样的:
$ search = mysql_real_escape_string($ _ GET ['search']);
$ _SESSION ['search'] = $ search;
像我之前说过的,当我搜索时,我必须使用O\'Connor然后在我搜索后,文本框中的值将变为O\\\\\'Connor
试图弄清楚它是令人沮丧的。有谁知道我做错了什么?谢谢!
编辑:
这是我的php5.ini文件,涉及魔术引号:
;魔术报价
;
;传入GET / POST / Cookie数据的魔术报价。
magic_quotes_gpc = On
;运行时生成数据的魔术报价,例如来自SQL的数据,来自exec()等。
magic_quotes_runtime = Off
;使用Sybase风格的魔术引号(用''替代\'来转义')。
magic_quotes_sybase = Off
但是,我的网站托管在GoDaddy上,我没有编辑文件的权限:(
这听起来像 Magic Quotes 。
检查是否实际启用:
echo get_magic_quotes_gpc();
要禁用,请编辑您的php.ini文件:
;魔术报价
;
;传入GET / POST / Cookie数据的魔术报价。
magic_quotes_gpc = Off
;运行时生成数据的魔术引用,例如来自exec()等的SQL数据。
magic_quotes_runtime = Off
;使用Sybase风格的魔术引号(用''代替\'转义')
magic_quotes_sybase = Off
或将此行添加到.htaccess:
php_flag magic_quotes_gpc Off
I'm quite frustrated. I want to be able to insert into my database names with single quotes - for example, O'Connor.
So, when inserting into the DB, I do:
$lname = mysql_real_escape_string($_POST['lname']);
And then I insert $lname into the DB.
When it's in the DB, it appears as O\'Connor.
So, if I were to recall that last name in my web application, I will have to use:
$lname = stripslashes($r["lname"]);
This all seems to work fine. However, I have a search function which will search for last names and display the results. When I search, I have to search for O\'Connor in order to get any results.
You see, after I search, the textbox automatically stores the value of what was just searched for (using sessions). So my code is this:
$search = mysql_real_escape_string($_GET['search']);
$_SESSION['search'] = $search;
Like I said before, when I search, I have to use "O\'Connor", and then after I search, the value in the textbox becomes "O\\\\'Connor"
It's been frustrating trying to figure this out. Does anyone know what I'm doing wrong? Thanks!
EDIT:
Here is my php5.ini file, regarding magic quotes:
; Magic quotes
;
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
However, my site is hosted on GoDaddy, and I do not have permissions to edit the file :(
It sounds like Magic Quotes are enabled in your PHP configuration.
To check if it's actually enabled:
echo get_magic_quotes_gpc();
To disable, edit your php.ini file:
; Magic quotes
;
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
Or add this line to your .htaccess:
php_flag magic_quotes_gpc Off
这篇关于mysql_real_escape_string和单引号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
