MySQL single quote insertion error


Problem description

OK, so I have a form in a made-from-scratch forum. I am using NBBC to parse BBCode for the forum. Here is the code. My main focus is to transform the single quotes into HTML entities. I have tried a lot of things, including htmlentities() as well. Here is the generated error message:

ERROR [1064] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

And here is the current code. I am giving 2 of the codes that need re-checking.

add_topic.php (Snippet)

require_once("nbbc/nbbc.php");
$bbcode = new BBCode;
$topic=$_POST['topic'];
$detail=htmlspecialchars($_POST['detail']);
$c_detail=$bbcode->Parse($detail);
$name=$_POST['name'];
$c_name=htmlspecialchars($name, ENT_QUOTES);
$c_topic=htmlspecialchars($topic, ENT_QUOTES);
$datetime=date("d/m/y h:i:s"); //create date time

$sql=("INSERT INTO $tbl_name(topic, detail, name, datetime)VALUES('$c_topic', '$c_detail', '$c_name', '$datetime')");
$result=mysql_query($sql);

if($result){
echo "Successful<BR>";
echo "<a href=main_forum.php>View your topic</a>";
}
else {
echo "ERROR [" . mysql_errno() . "] " . mysql_error();
}

add_answer.php

require_once("nbbc/nbbc.php");
$bbcode = new BBCode;
$a_name=$_POST['a_name'];
$a_subject=$_POST['a_subject'];
$a_answer=$bbcode->Parse($_POST['a_answer']);
$ac_name=htmlspecialchars($a_name, ENT_QUOTES);
$ac_subject=htmlspecialchars($a_subject, ENT_QUOTES);
$datetime=date("d/m/y H:i:s"); // create date and time

$sql2="INSERT INTO $tbl_name(question_id, a_id, a_name, a_subject, a_answer, a_datetime)VALUES('$id', '$Max_id', '$ac_name', '$ac_subject', '$a_answer', '$datetime')";
$result2=mysql_query($sql2);

if($result2){
echo "Successful<br />";
echo "<a href='view_topic.php?id=".$id."'>View your answer</a>";

$tbl_name2="forum_question";
$sql3="UPDATE $tbl_name2 SET reply='$Max_id' WHERE id='$id'";
$result3=mysql_query($sql3);

}
else {
echo "ERROR [" . mysql_errno() . "] " . mysql_error();
}

To re-clarify, all I need is to remove all HTML tags and any other scripting tags for that matter, parse the BBCode, and finally insert the data without error.

Solution

Try mysql_real_escape_string(). Should work!

http://php.net/manual/en/function.mysql-real-escape-string.php
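
An added example, not part of the answer above or of the asker's code: the add_topic.php insert done with a PDO prepared statement, the approach that replaces mysql_real_escape_string() now that the mysql_* functions have been removed from PHP (7.0 onward). It assumes an in-memory SQLite database as a stand-in for MySQL so that it runs offline; the helpers table_name(), add_topic() and get_topic() and the table name forum_answer are hypothetical.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// MySQL (assumption) so it runs offline; only the DSN differs for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE forum_question (
    id INTEGER PRIMARY KEY, topic TEXT, detail TEXT, name TEXT, datetime TEXT)');

// Identifiers cannot be bound as parameters, so a table name is accepted
// only if it is on a fixed allow-list ("forum_answer" is hypothetical).
function table_name(string $requested): string
{
    if (!in_array($requested, ['forum_question', 'forum_answer'], true)) {
        throw new InvalidArgumentException('unknown table');
    }
    return $requested;
}

function add_topic(PDO $pdo, string $topic, string $detail, string $name): int
{
    $stmt = $pdo->prepare('INSERT INTO ' . table_name('forum_question')
        . ' (topic, detail, name, datetime) VALUES (?, ?, ?, ?)');
    // Values are sent separately from the SQL text, so quotes in them
    // can neither break the statement nor change its meaning.
    $stmt->execute([$topic, $detail, $name, date('Y-m-d H:i:s')]);
    return (int) $pdo->lastInsertId();
}

function get_topic(PDO $pdo, int $id): array
{
    $stmt = $pdo->prepare('SELECT topic, detail, name FROM forum_question WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed input with the characters that broke the original query.
$id = add_topic($pdo, "It's broken", "Why doesn't <b>bold</b> 'quoted' text work?", "D'Arcy");
$row = get_topic($pdo, $id);

// Stored text is raw; HTML-escape when rendering, not before storing.
foreach ($row as $column => $value) {
    echo $column, ': ', htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```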
