试图逃避PHP MySQL查询的单引号和双引号

时间:2014-03-18 23:18:04

标签: php mysql escaping mysql-real-escape-string

您好,并提前感谢您的帮助。

当我在phpMyAdmin中将查询全部粘贴到其中时,我得到了结果集。当我尝试在PHP脚本中运行查询时,我收到PHP错误。我认为问题在于我是如何在代码的MySQL语句部分中转义单引号(撇号)。任何人都可以推荐一个转义方法来用于这个长期精心设计的MySQL查询。

这是在phpMyAdmin中输入的MySQL代码的一部分(它工作正常).... 

SET SESSION group_concat_max_len = 2000000;
SET @radius = .014;
select
cast(concat('{"type":"Feature","id":"',t2.TerrID,'","properties":    {"name":"',t2.TerrName,'","density":',t2.TotalOpp2,',"color":"',t2.TerrClr,'"},','"geometry"    :{"type":"MultiPolygon","coordinates":[', t2.tett2,']}},')as char) as tett
from(

select TerrName,
TerrID,
sum(TotalOpp) as TotalOpp2,
AgentsAssigned,
(sum(TotalOpp) - AgentsAssigned * 60) as density,
if((sum(TotalOpp) - AgentsAssigned * 60)<0,"red", if((sum(TotalOpp) - AgentsAssigned *     60)<60,"yellow","green")) as TerrClr,
group_concat(tett) as tett2

from(

SELECT
territories.territory_name as TerrName,
territories.territoryID as TerrID,
territories_meta.tm_color,
territories.territory_description,
territories.territory_state,
GROUP_CONCAT(distinct(territories_zips.tz_zip)SEPARATOR ', ' ) AS ZipCodes,
GROUP_CONCAT(distinct(concat(users.user_Fname,' ',users.user_Lname))SEPARATOR ', ') AS     AgentName,
users.user_role,
round(sum(boundaries_meta.bm_opportunity)/Count(distinct(territories_assign.ta_repID)))     AS TotalOpp,
Count(distinct(territories_assign.ta_repID)) AS AgentsAssigned,
group_concat(boundaries.boundary_geometry)as tett
FROM
territories
INNER JOIN territories_zips ON territories.territoryID = territories_zips.tz_terrID
INNER JOIN territories_assign ON territories.territoryID =     territories_assign.ta_territoryID...

... ...

这是我试图将这部分代码添加到运行数据库查询的PHP脚本的地方...... 

$places_zipopps_terr3 = $db->query('SET SESSION group_concat_max_len = 2000000;
SET @radius = .014;
select
cast(concat(\'{"type":"Feature","id":"\',t2.TerrID,\'","properties":    {"name":"\',t2.TerrName,\'","density":\',t2.TotalOpp2,\',"color":"\',t2.TerrClr,\'"},\',\'"g    eometry":{"type":"MultiPolygon","coordinates":[\', t2.tett2,\']}},\')as char) as tett
from(

select TerrName,
TerrID,
sum(TotalOpp) as TotalOpp2,
AgentsAssigned,
(sum(TotalOpp) - AgentsAssigned * 60) as density,
if((sum(TotalOpp) - AgentsAssigned * 60)<0,"red", if((sum(TotalOpp) - AgentsAssigned *     60)<60,"yellow","green")) as TerrClr,
group_concat(tett) as tett2

from(

SELECT
territories.territory_name as TerrName,
territories.territoryID as TerrID,
territories_meta.tm_color,
territories.territory_description,
territories.territory_state,
GROUP_CONCAT(distinct(territories_zips.tz_zip)SEPARATOR \', \' ) AS ZipCodes,
GROUP_CONCAT(distinct(concat(users.user_Fname,\' \',users.user_Lname))SEPARATOR \', \')         AS AgentName,
users.user_role,
round(sum(boundaries_meta.bm_opportunity)/Count(distinct(territories_assign.ta_repID)))     AS TotalOpp,
Count(distinct(territories_assign.ta_repID)) AS AgentsAssigned,
group_concat(boundaries.boundary_geometry)as tett
FROM
territories
INNER JOIN territories_zips ON territories.territoryID = territories_zips.tz_terrID
INNER JOIN territories_assign ON territories.territoryID =     territories_assign.ta_territoryID...

.....

1 个答案:

答案 0 :(得分:1)

使用nowdoc字符串:

$query = <<<'EOT'
SET SESSION group_concat_max_len = 2000000;
SET @radius = .014;
select
cast(concat('{"type":"Feature","id":"',t2.TerrID,'","properties":    {"name":"',t2.TerrName,'","density":',t2.TotalOpp2,',"color":"',t2.TerrClr,'"},','"geometry"    :{"type":"MultiPolygon","coordinates":[', t2.tett2,']}},')as char) as tett
from(

select TerrName,
TerrID,
sum(TotalOpp) as TotalOpp2,
AgentsAssigned,
(sum(TotalOpp) - AgentsAssigned * 60) as density,
if((sum(TotalOpp) - AgentsAssigned * 60)<0,"red", if((sum(TotalOpp) - AgentsAssigned *     60)<60,"yellow","green")) as TerrClr,
group_concat(tett) as tett2

from(

SELECT
territories.territory_name as TerrName,
territories.territoryID as TerrID,
territories_meta.tm_color,
territories.territory_description,
territories.territory_state,
GROUP_CONCAT(distinct(territories_zips.tz_zip)SEPARATOR ', ' ) AS ZipCodes,
GROUP_CONCAT(distinct(concat(users.user_Fname,' ',users.user_Lname))SEPARATOR ', ') AS     AgentName,
users.user_role,
round(sum(boundaries_meta.bm_opportunity)/Count(distinct(territories_assign.ta_repID)))     AS TotalOpp,
Count(distinct(territories_assign.ta_repID)) AS AgentsAssigned,
group_concat(boundaries.boundary_geometry)as tett
FROM
territories
INNER JOIN territories_zips ON territories.territoryID = territories_zips.tz_terrID
INNER JOIN territories_assign ON territories.territoryID =     territories_assign.ta_territoryID...
EOT;

或者如果可能:将查询拆分为较小的子查询,这样可以提高可读性,也可能提高性能。

相关问题
最新问题