我已经建立了一个网站,我可以使用php将数据输入到SQL数据库中。问题是当用户输入撇号时函数崩溃(SQL原因)。我认为解决这个问题的方法是清理脚本或在我的php函数中使用majic引号(我最后附上了这些引号)。我是php的新手,如果这是正确的方法,我会完全迷失。如果有人能指出我正确的方向,我真的很感激。艾伦
PHP函数;
function insert_wisha($wisherID, $description, $duedate, $Location, $Time, $Price, $Details) {
$description = $this->real_escape_string($description);
if ($this->format_date_for_sql($duedate) == null) {
$this->query("INSERT INTO wishes (wisher_id, description, Location, Time, Price, Details)" .
" VALUES (" . $wisherID . ", '" . $description . "' ,'" . $Location . "', '" . $Time . "' , '" . $Price . "', '" . $Details . "')");
} else
$this->query("INSERT INTO wishes (wisher_id, description, due_date, Location, Time, Price, Details)" .
" VALUES (" . $wisherID . ", '" . $description . "', "
. $this->format_date_for_sql($duedate) . ", '" . $Location . "', '" . $Time . "', '" . $Price . "','" . $Details . "')");
}