一切顺利,但当我想插入类似的东西时 它' S 男人' S 不是吗? 就像这样的问题。
$scope.consolidationScopeChanged = function(consolidationScope) {
console.log(JSON.parse(consolidationScope).frequencies);
}答案 0 :(得分:1)
你应该转义特殊字符。
您可以使用mysqli_real_escape_string。
然后,您必须将变量包装在单引号中,以便将它们识别为字符串。
答案 1 :(得分:0)
您要插入字符串值,您必须将varibles作为字符串引用,并从查询末尾删除;
$Query = "INSERT INTO `9154804_data` (`Parent`, `Name`)
VALUES ('$Section', '$inputdata')";
$InsertData = $mysqli->query($Query);
if ($InsertData){
$InsertID = $mysqli->insert_id;
$Return['Success'] = "Successfully added.";
}else{
$Return['Error'] = "Something went wrong!";
}
答案 2 :(得分:0)
由于您已经在使用mysqli,为什么不进一步使用预备语句来缓解问题并帮助防止SQL注入?
$mysqli = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
$sql='insert into `9154804_data` (`parent`, `name`) values (?, ?);';
$stmt=$mysqli->prepare( $sql );
$stmt->bind_params('ss', $Section, $inputdata );
$res=$stmt->execute();
if( $res ){
$InsertID = $mysqli->insert_id;
$Return['Success'] = "Successfully added.";
} else {
$Return['Error'] = "Something went wrong!";
}
$mysqli->close();
答案 3 :(得分:0)
mysqli_real_escape_string()函数转义字符串中的特殊字符,以便在SQL语句中使用。
$Section = $mysqli->real_escape_string($Section);
$inputdata = $mysqli->real_escape_string($inputdata);
$Query = "INSERT INTO `9154804_data` (`Parent`, `Name`)
VALUES ($Section, $inputdata)";
$InsertData = $mysqli->query($Query);
if ($InsertData){
$InsertID = $mysqli->insert_id;
$Return['Success'] = "Successfully added.";
}else{
$Return['Error'] = "Something went wrong!";
}
参考http://php.net/manual/en/mysqli.real-escape-string.php
http://www.w3schools.com/php/func_mysqli_real_escape_string.asp