我目前有此查询将数据插入SQL服务器。但由于问题可能包含特殊字符,其中包括'单引号,它会跳过我的查询并且不会插入到数据库中。 有什么想法能够将单引号数据插入SQL服务器数据库吗? 示例:培训师的表现。
这是我将数据插入数据库的代码:
$sql_array = array();
foreach ($_POST['question'] as $row => $name) {
$question = $name;
$qnsNo = $_POST['qnsNo'][$row];
$input = $_POST['input'][$row];
$options = $_POST['options'][$row];
$others = $_POST['others'][$row];
$compulsory = isset($_POST['compulsory'][$row]) ? $_POST['compulsory'][$row] : "";
$idQuery = "SELECT max(surveyID) FROM scSurveyForm WHERE createBy = '$createBy' AND writeUp = '$writeUp'";
$idResult = sqlsrv_query($conn, $idQuery);
$rows = sqlsrv_fetch_array($idResult);
$lastID = $rows[0];
$sql_array[] = "('" . $question . "'," . $lastID . ",'" . $qnsNo . "','" . $input . "','" . $options . "','" . $others . "','" . $compulsory . "')";
if (!empty($question)) {
$query_single = "INSERT INTO scFormLayout(question, surveyID, qnsNo, input, options, others, compulsory)
VALUES" . implode(', ', $sql_array);
//echo $query_single.'<br/>';
$status = sqlsrv_query($conn, $query_single);
$sql_array = array();