MySQL注释标记破坏了我的代码(PHP) [英] Mysql comments tag breaking my code (PHP)

问题描述

我正在使用PDO准备查询，但是当我输入#或-(SQL注释)时，它仍然有效(我知道PDO不会禁用它)如何使其停止?此注释破坏了我的整个代码. (我希望允许使用它，但不要再破坏了)
例如:
SELECT * FROM something WHERE var=:var AND value=:value
我只输入了#，就会发生这种情况
SELECT * FROM something WHERE var=:var# AND value=:value仅将检查var/:var
(假设:var是用户使用#输入的内容)

I'm using PDO to prepare querys, but when I put # or -- (SQL commentaries) it still working (I know PDO won't disable it) how to make it stop? this comments break my whole code. (I want allow to use it but stop breaking)
Eg:
SELECT * FROM something WHERE var=:var AND value=:value
I just put # and this happens
SELECT * FROM something WHERE var=:var# AND value=:value only will check for var/:var
(Assume :var was user input using #)

推荐答案

用单引号将变量引起来:

Enclose your variables with single quotes:

SELECT * FROM something WHERE var=':var#' AND value=':value' 

这篇关于MySQL注释标记破坏了我的代码(PHP)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！