这是mysqlquery
SELECT course_id
FROM course_master
WHERE year_id = '6'
AND course_name = ''What is Test?': Perspectives'
当我运行查询时,由于特殊字符问题,它会抛出语法错误。我使用mysql_escape_string来逃避但它无法正常工作。如何逃避这些字符
答案 0 :(得分:1)
我使用mysql_escape_string来逃避,但它无法正常工作。
你错了。您只需格式化字符串值,而不是整个查询
// here are your variables
$year = 6;
$name = "'What is Test?': Perspectives";
// let's format them
$year = intval($year);
$name = mysql_real_escape_string($name);
// and then insert in a query
$sql = "SELECT course_id FROM course_master
WHERE year_id = $year AND course_name = '$name'";
答案 1 :(得分:0)
执行查询并且值具有单引号时,将单引号加倍,这样就不会出错。
SELECT course_id
FROM course_master
WHERE year_id = '6'
AND course_name = '''What is Test?'': Perspectives'
但是如果你在PHP上这样做,请使用PreparedStatement。这也将阻止SQL Injection。以下文章将向您展示如何使用PHP Extensions.
答案 2 :(得分:0)
尝试此查询 -
SELECT course_id
FROM course_master
WHERE year_id = 6
AND course_name = '''What is Test?'': Perspectives'
或使用转义 -
SELECT course_id
FROM course_master
WHERE year_id = 6
AND course_name = '\'What is Test?\': Perspectives'