出于某种原因,这个查询没有提交到数据库,尽管没有错误!
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8"/>
<classpathentry kind="lib" path="Config.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
我已确保表名和列名正确无误。我的查询有问题吗?
我认为它与$listingdesc2 = "'test test test','test test test'";
$category = "apple, banana";
$addlisting = mysql_query("INSERT INTO `directory` (". $category .") VALUES (". $listingdesc2 .")");
有关,试图在逗号分隔的查询中使用变量。
$listingdesc2然后我回显查询中使用的值,它们如下:
$listingdesc = mysql_real_escape_string($_POST['listingdesc']);
$category = $_POST['category']; //this is an array from a multiple selection checklist
$numcat = count($category);
$category = implode(", ",$category);
$listingdesc1 = "'$listingdesc'";
$a = array_fill(0, $numcat, $listingdesc1);
$listingdesc2 = implode(',', $a);
$addlisting = mysql_query("INSERT INTO `directory` (". $category .") VALUES (". $listingdesc2 .")");
$listingdesc2 = 'test test test','test test test'
答案 0 :(得分:0)
使用string mysql_escape_string ( string $unescaped_string ),您可以通过我认为您使用来自PHP的PDO库或mysqli而不是mysql的方式来转义特殊字符以防止sql注入,因为此库已在PHP >5.4中弃用,现在是PHP is 5.6的稳定版本。