将描述写入数据库 - UTF8 - Escape?

时间:2017-04-15 23:14:04

标签: php mysql xml utf-8 escaping

我想将this XML file的值写入我的数据库。我的问题是,我每次都会收到SQL错误,我想添加这些描述。我已经尝试使用preg_quote来逃避特殊字符,但它不起作用......

但我不知道为什么它不起作用。此函数将值添加到我的数据库中:

function addToSQL($dom, $XMLpath, $shopID){
    $doc = simplexml_import_dom($dom);
    $items = $doc->xpath($XMLpath);
    $database = new mysqli("localhost", "censored", "censored", "censored");
    $sqlstatement = "INSERT INTO `wp_all_import_xml` (name, price, price_old, shop, url, publisher, category, platform, picture, description) VALUES \n";

    echo "(addToSQL) Transferring Data into SQL\n";

    foreach ($items as $item) {
        $node = dom_import_simplexml($item);
        $title = $node->getElementsByTagName('title')->item(0)->textContent;
        $price = $node->getElementsByTagName('price')->item(0)->textContent;
        $url = $node->getElementsByTagName('url')->item(0)->textContent;
        $price_old = 0;
        $publisher = "";
        $category = "";
        $platform = "";
        $image = "";
        $description = "";

        if($node->getElementsByTagName('price_base')->item(0)){
            $publisher = $node->getElementsByTagName('price_base')->item(0)->textContent;
        }

        if($node->getElementsByTagName('publisher')->item(0)){
            $publisher = $node->getElementsByTagName('publisher')->item(0)->textContent;
        }

        if($node->getElementsByTagName('category')->item(0)){
            $category = $node->getElementsByTagName('category')->item(0)->textContent;
        }

        if($node->getElementsByTagName('platform')->item(0)){
            $platform = $node->getElementsByTagName('platform')->item(0)->textContent;
        }

        if($node->getElementsByTagName('image')->item(0)){
            $image = $node->getElementsByTagName('image')->item(0)->textContent;
        }

        if($node->getElementsByTagName('packshot')->item(0)){
            $image = $node->getElementsByTagName('packshot')->item(0)->textContent;
        }

        if($node->getElementsByTagName('desc')->item(0)){
            $description = $node->getElementsByTagName('desc')->item(0)->textContent;
            //$description = preg_quote($description);
            //echo $description . "\n";
        }

        $sqlstatement .= "('$title', '$price', '$price_old', '$shopID', '$url', '$publisher', '$category', '$platform', '$image', '$description')," . "\n";
    }

    $sqlstatement = substr($sqlstatement, 0, -2) . ";";
    //$sqlstatement = $database->real_escape_string($sqlstatement);

    if(!(($database->query($sqlstatement))  === TRUE)){
        echo "(addToSQL) Error writing games to database!\n";
    }

    $sqlstatement = null;
    $sqlstatement = "INSERT INTO `wp_all_import_xml` (name, price, shop, url, publisher, category, platform, description) VALUES \n";

    echo "(addToSQL) finished\n";
}

此函数适用于我所有其他XML文件,因为它们不包含描述。由于它们不包含说明,因此变量$descriptions将为"",因为标记desc不存在。此函数也适用于我的XML文件,我想将描述添加到数据库中。但在我添加之后:

if($node->getElementsByTagName('desc')->item(0)){
    $description = $node->getElementsByTagName('desc')->item(0)->textContent;
    //$description = preg_quote($description);
    //echo $description . "\n";
}

此XML文件的SQL查询每次都失败。所以,它必须是描述。

但我怎么能解决这个问题? - 怎么了? - 我的失败在哪里? 我是否必须告诉var $description将字符串编码为UTF-8?

我不再有任何想法......对帮助会非常高兴!

问候,谢谢!

1 个答案:

答案 0 :(得分:0)

我强烈建议您使用:

$database->real_escape_string($parameter);

表示要插入的所有参数。 它应该处理任何无效字符以及保护您的数据库免受任何sql注入。

相关问题
最新问题