我想在查询中插入特殊字符("&"或"%"例如),但每次尝试时,我都会输入字符串插入被削减。
例如,如果我输入" Bolliger& Mabillard是一个过山车制造商",我就得到" Bolliger"。
我用来将字符串插入数据库的代码是:
include("connect.php");
$query="insert into news (title, body) values('About', 'Bolliger&Mabillard is a rollercoaster manufacturer');";
$run = mysql_query($query) or die ($query);
mysql_close();
我该怎么办?
谢谢!
答案 0 :(得分:0)
尝试:
$data1=mysql_real_escape_string("Bolliger&Mabillard is a rollercoaster manufacturer");
答案 1 :(得分:0)
愿这对你有帮助......
最短路在这里......(使用mysql预定义函数)
<?php
include("connect.php");
$bodyData = "Bolliger&Mabillard%is a rollercoaster manufacturer";
$bodyData = mysql_real_escape_string($bodyData);
$query="insert into news (title, body) values('About', '".$bodyData."')";
$run = mysql_query($query) or die ($query);
mysql_close();
?>
或者您可以采取更长的方式,如下所示......(使用您自己的功能)
<?php
include("connect.php");
function xss($string)
{
return str_replace(
array('!','"','#','$','%','&',"'",'(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\\',']','^','_','{','|','}','~'),
array('\!','\"','\#','\$','\%','\&',"\'",'\(','\)','\*','\+','\,','\-','\.','\/','\:','\;','\<','\=','\>','\?','\@','\[','\\','\]','\^','\_','\{','\|','\}','\~'),
$string);
}
$bodyData = "Bolliger&Mabillard%is a rollercoaster manufacturer";
$bodyData = xss($bodyData);
$query="insert into news (title, body) values('About', '".$bodyData."')";
$run = mysql_query($query) or die ($query);
mysql_close();
?>
您将使用此代码获得结果...
<?php
include("connect.php");
function xss_r($string)
{
return str_replace(
array('\!','\"','\#','\$','\%','\&',"\'",'\(','\)','\*','\+','\,','\-','\.','\/','\:','\;','\<','\=','\>','\?','\@','\[','\\','\]','\^','\_','\{','\|','\}','\~'),
array('!','"','#','$','%','&',"'",'(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\\',']','^','_','{','|','}','~'),
$string);
}
$last = 1; // here your id which is compare with id in database...
$rs = mysql_query("select body from members where id = ".$last);
$row = mysql_fetch_array($rs);
echo xss_r($row['body']);
mysql_close();
?>