我通过PHP将$_POST形式转换为MYSQL数据库,其中包含类似“O'Hara”的撇号,然后我得到斜杠。我知道mysql_real_escape_string会添加斜杠以防止这样的事情,但我如何检查带有撇号的字符串的数据库?
示例:
$name = mysql_real_escape_string(stripslashes($_POST['full_name']));
$check = mysql_query("SELECT * FROM `stadiums` WHERE `stadium_name` LIKE '%$name%' LIMIT 0, 10") or die(mysql_error());
答案 0 :(得分:1)
尝试
$name = $_POST['full_name'];
if (get_magic_quotes_gpc()) {
$name = stripslashes($name);
}
$name = mysql_real_escape_string($name);
$check = mysql_query("SELECT * FROM `stadiums`
WHERE `stadium_name` LIKE '%$name%' LIMIT 0, 10") or die(mysql_error());
仅在启用了magic quotes时才对输入使用stripslashes。