插入“&”等字符或MySQL查询中的“%”

时间:2014-10-18 13:29:46

标签: php mysql database character

我想在查询中插入特殊字符("&"或"%"例如),但每次尝试时,我都会输入字符串插入被削减。

例如,如果我输入" Bolliger& Mabillard是一个过山车制造商",我就得到" Bolliger"。

我用来将字符串插入数据库的代码是:

include("connect.php");

$query="insert into news (title, body) values('About', 'Bolliger&Mabillard is a rollercoaster manufacturer');";
$run = mysql_query($query) or die ($query);
mysql_close();

我该怎么办?

谢谢!

2 个答案:

答案 0 :(得分:0)

尝试:

$data1=mysql_real_escape_string("Bolliger&Mabillard is a rollercoaster manufacturer");  

答案 1 :(得分:0)

愿这对你有帮助......

最短路在这里......(使用mysql预定义函数)

<?php
    include("connect.php");
    $bodyData = "Bolliger&Mabillard%is a rollercoaster manufacturer";
    $bodyData = mysql_real_escape_string($bodyData);
    $query="insert into news (title, body) values('About', '".$bodyData."')";
    $run = mysql_query($query) or die ($query);
    mysql_close();
 ?>

或者您可以采取更长的方式,如下所示......(使用您自己的功能)

<?php
    include("connect.php");

    function xss($string)
        {
            return str_replace(
                            array('!','"','#','$','%','&',"'",'(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\\',']','^','_','{','|','}','~'),
                            array('\!','\"','\#','\$','\%','\&',"\'",'\(','\)','\*','\+','\,','\-','\.','\/','\:','\;','\<','\=','\>','\?','\@','\[','\\','\]','\^','\_','\{','\|','\}','\~'),
                            $string);
        }


    $bodyData = "Bolliger&Mabillard%is a rollercoaster manufacturer";
    $bodyData = xss($bodyData);
    $query="insert into news (title, body) values('About', '".$bodyData."')";
    $run = mysql_query($query) or die ($query);
    mysql_close();
    ?>

您将使用此代码获得结果...

 <?php
    include("connect.php");


    function xss_r($string)
        {
            return str_replace(
                            array('\!','\"','\#','\$','\%','\&',"\'",'\(','\)','\*','\+','\,','\-','\.','\/','\:','\;','\<','\=','\>','\?','\@','\[','\\','\]','\^','\_','\{','\|','\}','\~'),
                            array('!','"','#','$','%','&',"'",'(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\\',']','^','_','{','|','}','~'),
                            $string);
        }
    $last = 1; // here your id which is compare with id in database...
    $rs = mysql_query("select body from members where id = ".$last);
    $row = mysql_fetch_array($rs);
    echo xss_r($row['body']);
    mysql_close();
    ?>