我在PHP课程中使用mysqli。
我要执行此查询:
INSERT INTO notifications (userid, content, uniq, link) VALUES (48, "[2014-07-30] Nomid has edited the post \"Somepost\"", "934512e1e9314d9c602a02a26114a625", "http://website/somepost")
失败,显示错误:
You have an error in your query etc. to use near '"[2014-07-30] Nomid has edited the post \"Somepost\"", "934512e1e9314d9"'
但如果我查看数据库,则会出现新行。
使用mysqli_real_escape_string()转义参数:
$msg = $this->escape($msg);
$uniqid = $this->escape($uniqid);
$sql = "INSERT INTO notifications (userid, content, uniq, link) VALUES ($userid, \"$msg\", \"$uniqid\", \"$link\")";
// die($sql);
$this->query($sql);
我尝试使用$ mysqli-> affected_rows和mysqli_query()的$ $结果检查查询执行情况。
字段类型是
INT (11) for userid,
TEXT for content,
TINYTEXT for uniq and
TINYTEXT for link.
所有TEXT字段都有整理" utf8_general_ci"。
我没有创建表格。
奇怪的是,如果我查看数据库,查询已成功执行...
为什么会这样?
答案 0 :(得分:0)
你的SQL应该像
$userid = $this->escape($userid);
$msg = $this->escape($msg);
$uniqid = $this->escape($uniqid);
$link = $this->escape($link);
$sql = "INSERT INTO notifications (userid, content, uniq, link) VALUES ('$userid', '$msg', '$uniqid', '$link')";