我需要找到一种方法来在MySQL中使用可能包含撇号的提交字符串。
$user = $_POST["user_name"];
$userf = $_POST["firstname"];
$userl = $_POST["lastname"];
$userg = $_POST["gender"];
$userc = $_POST["city"];
$users = $_POST["state"];
$userd = $_POST["description"];
$usert = $_POST["tagline"];
$useri = $_POST["icon"];
$userm = $_POST["mobile"];
$userh = $_POST["home"];
$userb = $_POST["bdate"];
$sql = "UPDATE `users` SET `user_icon`=$useri,`user_first`=$userf,`user_last`=$userl,`user_tagline`=$usert,`user_mobile`=$userm,`user_home`=$userh,`user_desc`=$userd,`user_city`=$userc,`user_state`=$users,`user_gender`=$userg,`user_bdate`=$userb WHERE `user_name`=$user";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
当我提交以下数组时:
Array ( [user_name] => WyattC [firstname] => Wyatt [lastname] => ------- [gender] => Male [bdate] => 03/27/1999 [city] => Bend2 [state] => OR [description] => For those who accidentally stumbled on to my site, you are probably wondering who I am. Well... That would be a great question to ask me, except I don't know. On the surface, I'm a 17 year old teenager with brown hair, and brown eyes who likes to do random things that he finds entertaining. [tagline] => I am a potato. [icon] => https://yt3.ggpht.com/-gHt0jnZzg1Y/AAAAAAAAAAI/AAAAAAAAAAA/_qw8fD-Hz7Y/s100-c-k-no-rj-c0xffffff/photo.jpg [mobile] => ---------- [home] => ---------- )
我收到一系列错误。如何修复查询?