php特殊字符插入SQL Server 2005

时间:2013-06-07 06:51:49

标签: php database sql-server-2005

我目前有此查询将数据插入SQL服务器。但由于问题可能包含特殊字符,其中包括'单引号,它会跳过我的查询并且不会插入到数据库中。 有什么想法能够将单引号数据插入SQL服务器数据库吗? 示例:培训师的表现。

这是我将数据插入数据库的代码:

$sql_array = array();
    foreach ($_POST['question'] as $row => $name) {

        $question = $name;
        $qnsNo = $_POST['qnsNo'][$row];
        $input = $_POST['input'][$row];
        $options = $_POST['options'][$row];
        $others = $_POST['others'][$row];
        $compulsory = isset($_POST['compulsory'][$row]) ? $_POST['compulsory'][$row] : "";

        $idQuery = "SELECT max(surveyID) FROM scSurveyForm WHERE createBy = '$createBy' AND writeUp = '$writeUp'";
        $idResult = sqlsrv_query($conn, $idQuery);
        $rows = sqlsrv_fetch_array($idResult);
        $lastID = $rows[0];

        $sql_array[] = "('" . $question . "'," . $lastID . ",'" . $qnsNo . "','" . $input . "','" . $options . "','" . $others . "','" . $compulsory . "')";

        if (!empty($question)) {

            $query_single = "INSERT INTO scFormLayout(question, surveyID, qnsNo, input, options, others, compulsory)
  VALUES" . implode(', ', $sql_array);
            //echo $query_single.'<br/>';
            $status = sqlsrv_query($conn, $query_single);
            $sql_array = array();

0 个答案:

没有答案