每当我试图逃避O'Neil中的单引号时,编辑器的行为就好像它不起作用(基于它使用的颜色编码),当我运行它时它也不起作用。
$query="UPDATE `users` SET `name` = 'Ian O\'Neil' WHERE id = 2 ";
mysqli_query($link, $query);
答案 0 :(得分:0)
我测试如下及其工作,请检查:
$link = new mysqli("localhost", "username", "password", "database");
/* check connection */
if ($link->connect_errno) {
printf("Connect failed: %s\n", $link->connect_error);
exit();
}
$query="UPDATE `users` SET `name` = 'Ian O\'Neil' WHERE id = 2 ";
mysqli_query($link, $query);
答案 1 :(得分:0)
我得到了很好的资源来回答你的问题。 消息人士说你应该使用
mysqli_real_escape_string 功能 来自消息来源的例子:
<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");
$city = "'s Hertogenbosch";
/* this query will fail, cause we didn't escape $city */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
printf("Error: %s\n", mysqli_sqlstate($link));
}
$city = mysqli_real_escape_string($link, $city);
/* this query with escaped $city will work */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
printf("%d Row inserted.\n", mysqli_affected_rows($link));
}
mysqli_close($link);
?>
这是来源: http://php.net/manual/en/mysqli.real-escape-string.php
您可能需要阅读它。
谢谢,我希望这会有所帮助