嗨,我使用一个小的xml脚本来过滤数据库中的所有条目。我的问题是,在一些xml字符串的名称中是我需要在mysql数据库中过滤的瑕疵。但是当我运行脚本时,所有数据都在那里,除了带有撇号的数据。继承我的代码:
include 'new.php'; //include xml file
$haus = new SimpleXMLElement($xmlstr);
´
foreach ($haus->features as $features) {
foreach ($features->properties as $properties) {
$name = $properties->name;
$insert = $mysqli->query("INSERT INTO locations (name)
VALUES ('$name')");
echo $mysqli->affected_rows;
}
}
有没有办法用php获取数据库中的撇号?
答案 0 :(得分:0)
使用准备好的声明,这意味着您不必担心引号。这也可以保护您免受SQL注入。还有一个轻微的性能优势,因为您可以创建一次预准备语句,然后多次执行它,而不必一遍又一遍地将整个查询发送到MySQL引擎。
$count = 0; // if you want to check how many rows were inserted
if($stmt = $mysqli->prepare('INSERT INTO locations (name) VALUES (?)')){
foreach ($haus->features as $features) {
foreach ($features->properties as $properties) {
$name = $properties->name;
$stmt->bind_param('s', $name);
if($stmt->execute()){
$count++;
}
}
}
}
echo 'total inserted: ' . $count;