将文本插入到 sqlite 中,其中文本带有 " [英] insert text to sqlite where text have "
本文介绍了将文本插入到 sqlite 中,其中文本带有 "的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想从 URL 中读取查询字符串并将它们保存到 sqlite 数据库中我面临这些错误消息:
I want to read query string from URL and save them into a sqlite database I face with these Error message:
PHP Warning: SQLite3::exec(): near ",": syntax error
但我不知道这些问题:
$Tel = $_REQUEST["from"];
$Content = $_REQUEST["text"];
echo $Tel = strip_tags($Tel);
echo $Content = strip_tags($Content);
$sql =<<<EOF
INSERT INTO foodordering(Fullname, Tel, RecievingTime, Content)
VALUES ("Ehsan", $Tel, date('now'), $Content);
EOF;
$ret = $db->exec($sql);
推荐答案
正如 @HassanAhmed,这就是没有正确处理输入时会发生的情况;您看到的问题就像有人对您使用 SQL 注入一样.快速解决方法是将字段用引号括起来:
As mentioned by @HassanAhmed, this is what happens when inputs are not properly handled; you're seeing the same issue as if someone was using SQL injection against you. The quick fix is to wrap the fields in quotation marks:
VALUES ("Ehsan", "$Tel", date('now'), "$Content");
你应该做的是绑定参数:
$sql =<<<EOF
INSERT INTO foodordering(Fullname, Tel, RecievingTime, Content)
VALUES ("Ehsan", :tel, date('now'), :content);
EOF;
$stmt = $db->prepare($sql);
$stmt->bindValue(':tel', $_REQUEST['from']);
$stmt->bindValue(':content', $_REQUEST['text']);
$ret = $stmt->execute();
这篇关于将文本插入到 sqlite 中,其中文本带有 "的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文