我需要协助可能导致此错误的内容,每次我在尝试发布到数据库的数据中有单个引号时,我都会收到此错误。 (字段名称:abtext)
错误讯息:
无法输入数据:SQL语法中有错误;检查与您的MySQL服务器版本对应的手册,以便在'dsf'ds'f'ds'fds'f'ds'f'dsfds','fdsfdd'fd''fds'f'dsf'ds附近使用正确的语法fd'fds'f'df'ds ds''fd'sf'在第3行
输入数据的数据:
字段名称:(abtext)类型为文本
在字段=
上输入的数据fdsfdd'fd''fds'f'dsf'ds fd'fds'f'df'ds ds''fd'sf'ds'f'dsfds'sdf
我的插入代码:
$sql = "INSERT INTO poster
(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional,authorTitle2,authorName2,authorIntials2,authorSurname2,authorJt2,authorcompany2,authoremail2,authornumber2,presenting2,correspondence,authorTitle3,authorName3,authorIntials3,authorSurname3,authorJt3,authorcompany3,authoremail3,authornumber3,presenting3)
VALUES ('$titlepaper','$abtext','$authorTitle1','$authorName1','$authorIntials1','$authorSurname1','$authorJt1','$authorcompany1','$authoremail1','$authornumber1','$presenting1','$additional','$authorTitle2','$authorName2','$authorIntials2','$authorSurname2','$authorJt2','$authorcompany2','$authoremail2','$authornumber2','$presenting2','$correspondence','$authorTitle3','$authorName3','$authorIntials3','$authorSurname3','$authorJt3','$authorcompany3','$authoremail3','$authornumber3','$presenting3')";
mysql_select_db('database');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not enter data: ' . mysql_error());
}
非常感谢您的帮助。
答案 0 :(得分:0)
请尝试使用:htmlspecialchars($abtext)
所以你的SQL查询就像,
$sql = "INSERT INTO poster
(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,
authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional,
authorTitle2,authorName2,authorIntials2,authorSurname2,authorJt2,authorcompany2,
authoremail2,authornumber2,presenting2,correspondence,authorTitle3,authorName3,
authorIntials3,authorSurname3,authorJt3,authorcompany3,authoremail3,
authornumber3,presenting3)
VALUES
('$titlepaper','htmlspecialchars($abtext)','$authorTitle1','$authorName1',
'$authorIntials1','$authorSurname1','$authorJt1','$authorcompany1',
'$authoremail1','$authornumber1','$presenting1','$additional',
'$authorTitle2','$authorName2','$authorIntials2','$authorSurname2',
'$authorJt2','$authorcompany2','$authoremail2','$authornumber2',
'$presenting2','$correspondence','$authorTitle3','$authorName3',
'$authorIntials3','$authorSurname3','$authorJt3','$authorcompany3',
'$authoremail3','$authornumber3','$presenting3')";
答案 1 :(得分:0)
试试这个,
$sql = " INSERT INTO poster(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional,authorTitle2,authorName2,authorIntials2,authorSurname2,authorJt2,authorcompany2,authoremail2,authornumber2,presenting2,correspondence,authorTitle3,authorName3,authorIntials3,authorSurname3,authorJt3,authorcompany3,authoremail3,authornumber3,presenting3)
VALUES (" . mysql_escape_string($titlepaper) . "," . mysql_escape_string($abtext) . "," . mysql_escape_string($authorTitle1) . "," . mysql_escape_string($authorName1) . "," . mysql_escape_string($authorIntials1) . "," . mysql_escape_string($authorSurname1) . "," . mysql_escape_string($authorJt1) . "," . mysql_escape_string($authorcompany1) . "," . mysql_escape_string($authoremail1) . "," . mysql_escape_string($authornumber1) . "," . mysql_escape_string($presenting1) . "," . mysql_escape_string($additional) . "," . mysql_escape_string($authorTitle2) . "," . mysql_escape_string($authorName2) . "," . mysql_escape_string($authorIntials2) . "," . mysql_escape_string($authorSurname2) . "," . mysql_escape_string($authorJt2) . "," . mysql_escape_string($authorcompany2) . "," . mysql_escape_string($authoremail2) . "," . mysql_escape_string($authornumber2) . "," . mysql_escape_string($presenting2) . "," . mysql_escape_string($correspondence) . "," . mysql_escape_string($authorTitle3) . "," . mysql_escape_string($authorName3) . "," . mysql_escape_string($authorIntials3) . "," . mysql_escape_string($authorSurname3) . "," . mysql_escape_string($authorJt3) . "," . mysql_escape_string($authorcompany3) . "," . mysql_escape_string($authoremail3) . "," . mysql_escape_string($authornumber3) . "," . mysql_escape_string($presenting3) . ")";
mysql_select_db('database');
$retval = mysql_query($sql, $conn);
if (!$retval) {
die('Could not enter data: ' . mysql_error());
}
我已经更改了insert命令的插入区域。使用mysql_escape_string在插入变量中转义不需要的char。
答案 2 :(得分:0)
$sql = "INSERT INTO individual
(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional)
VALUES ('". mysql_escape_string($titlepaper) . "','" . mysql_escape_string($abtext) . "','" . mysql_escape_string($authorTitle1) . "','" . mysql_escape_string($authorName1) . "','" . mysql_escape_string($authorIntials1) . "','" . mysql_escape_string($authorSurname1) . "','" . mysql_escape_string($authorJt1) . "','" . mysql_escape_string($authorcompany1) ."','" . mysql_escape_string($authoremail1) . "','" . mysql_escape_string($authornumber1) . "','" . mysql_escape_string($presenting1) . "','" . mysql_escape_string($additional) . "')";
这很有效!感谢很多人赞赏!