SQL Update Query won't work in PHP


Question

So I've been trying to figure out what the problem is with my UPDATE SQL query and searched through the questions on here only to find out the issue is with the actual text that's being updated in the database table. My PHP app is a simple one just for adding simple website links with a description to a table (links) as below:

<form action="update.php" method="post">
   <p><input type="text" name="description" value="<?php echo($desc); ?>" /></p>
   <p><input type="text" name="link" value="<?php echo($link); ?>" /></p>
   <p><input type="submit" value="Save Changes" /></p>
</form>

Obviously this code is from the edit.php page but when I try to execute the UPDATE statement in update.php it throws out an error stating that there is an issue with the syntax. This only seems to occur when there is a ' in the text for example:

Description: "Mum's Tutition Site"

If I take out the ' in "Mum's" making it "Mums" then it updates fine! Can anyone offer an explanation as to why it does this and possible remedy/code to fix the issue?

Thanks in advance for your help!

Dave.

Recommended answer

Use PDO for your data base handling

It is best to sanitize your data first

$data = sanitize("Mom's");    
function sanitize($data){
        $data= htmlentities(strip_tags(trim($data)));
        return $data;
    }

The safe way

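$name = "Mom's";
// establish a new connection ($user and $pass hold your database credentials)
$db = new PDO('mysql:host=localhost;dbname=databasename', $user, $pass);

// the value is bound to the ? placeholder, so the apostrophe needs no escaping
$statement = $db->prepare("UPDATE xyz SET name=?");
$statement->execute(array($name));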

This is more secure by itself. You don't need to do manual escapes.

Or use

$msg =  mysql_real_escape_string($string);

before inserting the data
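
The failure from the question and the prepared-statement fix from the answer, side by side, as an added example that is not code from the original post. It assumes the `links` table has an `id` column, uses an in-memory SQLite database through PDO so it runs without a MySQL server, and takes a constructed `$post` array in place of `$_POST`.

```php
<?php
// Added example: constructed data, in-memory SQLite so it runs offline.
// Table and column names follow the question (links: description, link); id is assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, description TEXT, link TEXT)');
$db->exec("INSERT INTO links (id, description, link) VALUES (1, 'Mums', 'http://example.com')");

// Stand-in for the values update.php would read from $_POST.
$post = ['id' => '1', 'description' => "Mum's Tuition Site", 'link' => 'http://example.com'];

// Before: the value is pasted into the SQL text. The apostrophe closes the
// string literal early, so the rest of the value is parsed as SQL.
function updateByConcatenation(PDO $db, array $post): string
{
    $sql = "UPDATE links SET description = '" . $post['description'] . "' WHERE id = " . $post['id'];
    try {
        $db->exec($sql);
        return 'updated';
    } catch (PDOException $e) {
        return 'syntax error: ' . $sql;
    }
}

// After: the SQL text is fixed and the values travel separately as parameters.
function updateWithPreparedStatement(PDO $db, array $post): int
{
    $stmt = $db->prepare('UPDATE links SET description = :description, link = :link WHERE id = :id');
    $stmt->execute([
        ':description' => $post['description'],
        ':link'        => $post['link'],
        ':id'          => (int) $post['id'],
    ]);
    return $stmt->rowCount();
}

echo updateByConcatenation($db, $post), PHP_EOL;
echo 'rows changed: ', updateWithPreparedStatement($db, $post), PHP_EOL;

// The stored value is the raw text; escape it only when writing it into HTML.
$stored = $db->query('SELECT description FROM links WHERE id = 1')->fetchColumn();
echo 'stored: ', $stored, PHP_EOL;
echo 'for the edit form: value="', htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), '"', PHP_EOL;
```

The last two lines keep the two concerns apart: parameter binding protects the query, while HTML escaping belongs at output time, such as the `value="..."` attributes in the edit form.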
