PHP/MySQL-SQL语法错误? [英] PHP/MySQL - SQL syntax error?

问题描述

现在，当我提交字符'时，我得到了下面列出的以下错误，但其他所有问题都可以了.我正在使用htmlentities()，但仍然出现此错误.

Now when I submit the character ' I get the following error listed below other then that everything is okay when I submit words. I am using htmlentities() and I still get this error.

如何防止发生此错误，有没有办法我可以允许或转换或停止显示为错误的字符'表单?

How can I prevent this error from happening is there a way I can allow or convert or stop the character ' form displaying as an error?

这是我得到的错误.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''')'

推荐答案

您需要对SQL查询中发送的字符串进行转义.

You need to escape the strings you are sending in your SQL queries.

为此，您可以使用 mysql_real_escape_string 函数.

For that, you can use the mysql_real_escape_string function.

例如，您的代码可能看起来像这样(未经测试，但是应该可以解决问题):

For instance, your code might look like this (not tested, but something like this should do the trick) :

$str = "abcd'efh";
$sql_query = "insert into my_table (my_field) values ('" 
  . mysql_real_escape_string($str)
  . "')";
$result = mysql_query($sql_query);

(但是，由于您将需要更改更多的代码，这将需要更多的工作)的另一种解决方案是使用准备好的语句；使用 mysqli_* 或

Another solution (Will require more work, though, as you'll have to change more code) would be to use prepared statements ; either with mysqli_* or PDO -- but not possible with the old mysql_* extension.

，如果这不起作用，您可以编辑问题以向我们提供更多信息吗?就像引起错误的那段代码一样?

Edit : if this doesn't work, can you edit your question, to give us more informations ? Like the piece of code that causes the error ?

这篇关于PHP/MySQL-SQL语法错误?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！