我创建了自己的一组PHP文件,可以查询MYSQL表并以XML格式发回结果。这是我正在构建的iOS应用程序。
我首先在iOS应用中构建请求:
//create comma separated array
NSMutableString *postString = [[NSMutableString alloc]init];
for (NSString *thing in list_cache) {
[postString appendFormat:@"%@,",[thing stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];
}
//pass the comma separated array to the PHP file
if ([stories count] == 0) {
NSString * path = [NSString stringWithFormat:@"http://server.com/get_list.php?list=%@",postString];
然后,我的PHP文件将其构建为一个查询:
$list = $_GET['list'];
$listEsc = mysql_real_escape_string($list);
$withQuotes = "'" . str_replace(array("'", ","), array("\\'", "','"), $listEsc) . "'";
$finalString = "(".$withQuotes.")";
//echo $finalIn;
$query = mysql_query("SELECT * FROM table_1 LEFT JOIN table_2
ON table_1.someVariable = table_2.variable WHERE variableX IN $finalString;");
这一切都很完美。除了数组中的项目有撇号(')或逗号(,)然后我收到以下错误:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near... etc
我试过用以下方法解决这个问题:mysql_real_escape_string像其他答案一样建议类似的问题。但它还没有成功!
我已经尝试转义字符串,用%编码替换逗号和撇号等。似乎没有什么工作,我可以想象必须有一个行业标准解决方案来解决这个问题?
[edit] OP发表在评论中的示例字符串:
server.com/get_list.php?list=lorum%ipsum%20-%20%27quoted%27%20from%20The%lorum%ipsum%20soundtrack,%22Ipsum%20And%20A%20Beat%22%20-%20live%20concert%20(A%name,%20another%20word,%20and%20final%20name%20word)