I have this query
db.query("
UPDATE tm
SET DESCRIPTION = 'SQL Injection (CALL \'C_DB_FUNCTION\')'
WHERE DESCRIPTION = 'SQL Injection (CALL \'C DB FUNCTION\')';
")
This query works when run against the database, but when I try to run it from Ruby with the mysql2 gem, I get the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'C_DB_FUNCTION')' (Mysql2::Error)
I guess it is because of the backslash. How can I escape or fix it?
Thanks!
Answer 0 (score: 3)
For the special character escape sequences, see http://dev.mysql.com/doc/refman/5.7/en/string-literals.html#character-escape-sequences
db.query(" UPDATE tm SET DESCRIPTION = 'SQL Injection (CALL \\'C_DB_FUNCTION\\')' WHERE DESCRIPTION = 'SQL Injection (CALL \\'C DB FUNCTION\\')'; ")
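What MySQL receives in each case, as an added example that is not part of the original question or answer. `sql_literals` is a hypothetical helper that scans quoted strings under MySQL's default quoting rules (simplified), and the heredoc, doubled-quote and bound-parameter variants go beyond the fix shown in the answer:

```ruby
# Added example. sql_literals is a hypothetical helper, not part of mysql2.
# It returns the string literals a MySQL parser would see in the SQL text
# (default sql_mode; simplified: an escaped character is kept as written).
def sql_literals(sql)
  literals = []
  current = nil # nil while outside a quoted string
  i = 0
  while i < sql.length
    ch = sql[i]
    if current.nil?
      current = +"" if ch == "'"
    elsif ch == "\\" && i + 1 < sql.length
      current << sql[i + 1] # \' does not end the string
      i += 1
    elsif ch == "'" && sql[i + 1] == "'"
      current << "'" # '' is one quote inside a string
      i += 1
    elsif ch == "'"
      literals << current
      current = nil
    else
      current << ch
    end
    i += 1
  end
  literals
end

WANT = "SQL Injection (CALL 'C_DB_FUNCTION')"

# As in the question: a double-quoted Ruby string turns \' into ' before
# MySQL sees it, so the literal ends right after "CALL ".
BROKEN = "SET DESCRIPTION = 'SQL Injection (CALL \'C_DB_FUNCTION\')'"
# As in the answer: \\ in Ruby source is one backslash in the SQL text.
ESCAPED = "SET DESCRIPTION = 'SQL Injection (CALL \\'C_DB_FUNCTION\\')'"
# A single-quoted heredoc does no escape processing at all.
HEREDOC = <<~'SQL'
  SET DESCRIPTION = 'SQL Injection (CALL \'C_DB_FUNCTION\')'
SQL
# Doubling the quote needs no backslash.
DOUBLED = "SET DESCRIPTION = 'SQL Injection (CALL ''C_DB_FUNCTION'')'"

{ broken: BROKEN, escaped: ESCAPED, heredoc: HEREDOC, doubled: DOUBLED }.each do |name, sql|
  puts "#{name}: #{sql_literals(sql).inspect}"
end

# With mysql2 (not run here) the values can be bound instead of quoted:
#   db.prepare("UPDATE tm SET DESCRIPTION = ? WHERE DESCRIPTION = ?")
#     .execute(new_description, old_description)
```

The broken variant splits into two literals with `C_DB_FUNCTION` left outside any string, which is the position the server's syntax error points at.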