活动记录查询失败 - 逍遥游报价从查询 [英] Active record query failed - Escape quote from query
问题描述
背景
- 框架:codeignighter / PyroCMS
我有一个数据库,存储产品的清单,我在我的应用程序中的复制功能
首先查找常见产品名称,以便它可以添加一个后缀
值重复的产品。
code在我的产品模型类
$产品= $这个 - >获得($ ID);
$数= $这个 - > DB->像(名称,$产品 - >名称) - >获得(产品) - > NUM_ROWS();
$ new_product-> NAME = $产品 - >的名字。 ' - '。 $计数;
在第二行中的应用程序失败,只有当 $产品 - >名称
包含引号。
我与codeignighter逃脱的所有字符串的理解,所以我不知道为什么我得到这个错误。
于是,我就使用MySQL转义字符串函数但这并没有帮助的。
错误信息
数据库出错
错误编号:1064
你在你的SQL语法错误;检查对应于你的MySQL服务器版本的权利语法使用附近的图书%'出现在第3行手册
SELECT * FROM`products` WHERE`name` LIKE'%哈利\\的书%
的var_dump
下面是一个的var_dump
的做对产品 - &GT的输出;名称
前,有问题的行之后;
字符串'哈利的书(长度= 12)
数据库出错
错误编号:1064
你在你的SQL语法错误;检查对应于你的MySQL服务器版本的权利语法使用附近的图书%'出现在第3行手册
SELECT * FROM`products` WHERE`name` LIKE'%哈利\\的书%
让我们做这个了一些测试。
下面是你在做什么
$数= $这个 - > DB->像(名称,$产品 - >名称) - >获得(产品) - > NUM_ROWS ();
我怀疑 $产品 - >名称
包含此
哈利的书
据我们所知,这是从数据库表中,你使用的是未来。 当你使用上面的查询提到它与环绕它 单引号和生产这样的结果。
SELECT * FROM`products` WHERE`name` LIKE'%哈利\\的书%
正如你看到它是逃避apostrophy告诉它的字符串是没有结束 因此逃避它有两个slashes.One的apostrophy,一个在单引号之中。
什么,你所要做的就是 在分配的参数查询,将它包装用双引号。
$ PRODUCT_NAME =$产品 - >名称;
而现在通过它来查询。
$数= $这个 - > DB->像(名称,$ PRODUCT_NAME) - >获得(产品) - > NUM_ROWS();
输出将是这个
SELECT * FROM`products` WHERE`name` LIKE'%哈利\的书%
您在这里看到的型差分。它包含单斜杠现在该记录将 被发现。
Background
- Framework: Codeignighter/PyroCMS
I have a DB that stores a list of products, I have a duplicate function
in my application that first looks for the common product name so it can add a 'suffix
' value to the duplicated product.
Code in my Products model class
$product = $this->get($id);
$count = $this->db->like('name', $product->name)->get('products')->num_rows();
$new_product->name = $product->name . ' - ' . $count;
On the second line the application fails only when the $product->name
contains quotes.
I was with the understanding that Codeignighter escaped all strings so I dont know why I get this error.
So I tried to use MySQL escape string function but that didn't help either.
The Error Message
A Database Error Occurred
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Book%'' at line 3
SELECT * FROM `products` WHERE `name` LIKE '%Harry\\'s Book%'
var_dump
Below is the output of doing a var_dump
on product->name
before and after the line in question;
string 'Harry's Book' (length=12)
A Database Error Occurred
Error Number: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Book%'' at line 3
SELECT * FROM `products` WHERE `name` LIKE '%Harry\\'s Book%'
Let's do some testing about this.
Here is what you are doing
$count = $this->db->like('name', $product->name)->get('products')->num_rows();
And i suspect $product->name
contains this.
Harry's Book
As we know this is coming from the database table as you are using. Where you are using the upper query mentioned it is wrapping it with single quotes and producing this result.
SELECT * FROM `products` WHERE `name` LIKE '%Harry\\'s Book%'
As you see it is escaping apostrophy to tell it is not end of string Therefore escaping it with two slashes.One for apostrophy and one for being in single quote.
What you have to do is Before assigning the parameter to query wrap it with double quotes.
$product_name = "$product->name";
And now pass it to query.
$count = $this->db->like('name', $product_name)->get('products')->num_rows();
The output will be this
SELECT * FROM `products` WHERE `name` LIKE '%Harry\'s Book%'
You see the differece here. It contains single slash now and the record will be found.
这篇关于活动记录查询失败 - 逍遥游报价从查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!