String cut off during INSERT query

Time: 2013-05-27 02:03:15

Tags: php mysql syntax insert

Why is it doing this?

Code:

<?php
    if (isset($_POST['sourceInsert'])) {
        $url = $db_con3->real_escape_string($_POST['url']);
        $desc = $db_con3->real_escape_string($_POST['desc']);
        echo '$urlbefore is ' . $url . '<br />'; ///for troubleshooting
        $result = $db_con3->query("INSERT INTO gdrive_links (evalid, userid, url, desc) VALUES ('$evalid', '$id', '$url', '$desc')");

        echo '$urlafter is ' . $url . '<br />'; ///For troubleshooting
        echo $db_con3->error; ///For troubleshooting
    }
?>

HTML output:

$urlbefore is https://docs.google.com/file/d/0B0tcjQ3FxlB6dWlMTkNQVjBwVDA/edit?usp=sharing
$urlafter is https://docs.google.com/file/d/0B0tcjQ3FxlB6dWlMTkNQVjBwVDA/edit?usp=sharing
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc) VALUES ('1284017', '1', 'https://docs.google.com/file/d/0B0tcjQ3FxlB6dWlMT' at line 1

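So the string is fine both before and after the query, but inside the query it gets cut off at the 49th character. Am I missing something silly? It looks like my query syntax is correct...

1 answer:

Answer 0: (score: 4)

The problem is that you have a reserved keyword that is not escaped.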

$result = $db_con3->query("INSERT INTO gdrive_links (`evalid`, `userid`, `url`, `desc`) VALUES ('$evalid', '$id', '$url', '$desc')");

You need to escape them with backticks this way. desc is a reserved keyword in MySQL. Escape them as shown above.
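
The backtick quoting from the answer, combined with bound parameters in place of string interpolation, as an added example that is not part of the original question or answer. The helper names are hypothetical, and treating evalid and userid as integers is an assumption based on the values in the error message.

```php
<?php
// Added example: table and column names come from the question;
// function names are hypothetical.

// Quote a MySQL identifier: wrap it in backticks and double any embedded
// backtick, so a reserved word such as desc is parsed as a name.
function quote_identifier(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Build "INSERT INTO `t` (`a`, `b`) VALUES (?, ?)" for the given columns.
function build_insert_sql(string $table, array $columns): string
{
    if ($columns === []) {
        throw new InvalidArgumentException('no columns given');
    }
    $cols  = implode(', ', array_map('quote_identifier', $columns));
    $marks = implode(', ', array_fill(0, count($columns), '?'));
    return 'INSERT INTO ' . quote_identifier($table) . " ($cols) VALUES ($marks)";
}

// Run the insert with bound values; $db is an already open mysqli connection.
// Assumption: evalid and userid are integer columns, url and desc are strings.
function insert_gdrive_link(mysqli $db, int $evalid, int $userid, string $url, string $desc): void
{
    $sql  = build_insert_sql('gdrive_links', ['evalid', 'userid', 'url', 'desc']);
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    // Values travel separately from the SQL text, so no manual escaping is needed.
    $stmt->bind_param('iiss', $evalid, $userid, $url, $desc);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $stmt->close();
}

// The generated statement can be inspected without a database connection.
echo build_insert_sql('gdrive_links', ['evalid', 'userid', 'url', 'desc']), "\n";
```

With placeholders, the URL never appears in the SQL text, so a syntax error message would point at the statement structure only.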