Error adding new data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'movie.php?id=6001',
type = 'stream',
embed = '<object width=\"500\" he' at line 1
现在这是我正在使用的代码:
$sql = "INSERT INTO videos SET
title = '".mysql_escape_string($title)."',
urltitle = '".slug(mysql_escape_string($title))."',
description = '',
category = 'streams',
first_img = '".mysql_escape_string($imgurl)."',
o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."',
type = 'stream',
embed = '".mysql_escape_string($embed)."',
last_updated = '".date("Y-m-d")."',
date_added = '".date("Y-m-d")."'";
谢谢!
答案 0 :(得分:3)
您应该使用mysql_real_escape_string()
并且您应该将其应用于整个值以获得完全的安全性和更好的可读性。
在您的情况下,您还需要额外':
o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."',
----------------------------------^