我有像这样的mysql查询
mysql_query("UPDATE services SET sub_service='".$subbb_service."' WHERE sub_service='".$idd."' ") or die(mysql_error());
变量$ subbb_service带有符号'。让我们说'你好'。所以它查询失败,看起来像这样
mysql_query("UPDATE services SET sub_service=' Hello'' WHERE sub_service='".$idd."' ") or die(mysql_error());
现在它已经加倍了''它就死了。也许有人可以帮助我吗?
答案 0 :(得分:0)
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));