逃避使用者:$ mysqli-> real_escape_string不起作用

时间:2013-05-28 08:04:31

标签: php mysql sql

我有这个PHP代码:

$ua = $mysqli->real_escape_string($_SERVER['HTTP_USER_AGENT']);

$mysqli->query("INSERT INTO browsers(useragent, account, allowed, key, ip) VALUES('$ua', {$userR['id']}, 0, '(Key/token)', '(IP address)')");

以下是SQL查询:

INSERT INTO browsers(useragent, account, allowed, key, ip) VALUES('Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.56 Safari/537.17', 8, 0, 'bc132b38f35a01ce', '127.0.0.1')

但是:即使在转义后,查询也无效:

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key, ip) VALUES('Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.17 (KHTML, like' at line 1

1 个答案:

答案 0 :(得分:2)

你在RESERVED KEYWORD的查询中使用了一个mysql key,只需用反引号`来包围它,让数据库理解它是一列

$mysqli->query("INSERT INTO browsers(useragent, account, allowed, `key`, ip) VALUES('$ua', {$userR['id']}, 0, '(Key/token)', '(IP address)')");
相关问题
最新问题