I'm having trouble getting Joomla to insert escaped data.
The query is:
INSERT INTO #__shopper_orders
(id, ordering, state, checked_out, checked_out_time, created_by, modified_by,
 order_paypal_ref, order_details, fulfillment_status, order_gift, terms_conditions)
VALUES (NULL, '', '', '', '', '', ' ', '', '$newBody', '', '', '');
$newBody is:
$newBody = $db->quote( $emailText );
$db->query();
$emailText is:
<h2>Website Order</h2><p>Thank you for your order. We've included a copy of it below.</p>
It throws the error as:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'you for your order. We\\'ve included a copy of it below.<\/p>\\r\\n<p>Quantiti' at line 3"
It seems to be escaping the already escaped ' character?
Any ideas?
Thanks
I thought I would add an update.
I saw nibra below, so I tried his code, but it didn't work. However, my code looks very similar.
I like the way nibra executes the code, so I want to get it working. So I've included the working code and his code (commented out).
// Insert into orders table
$db = JFactory::getDbo();
// quote() adds the surrounding quotes and escapes the value, so $newBody goes into the SQL bare
$newBody = $db->quote( $body );
$query = "
INSERT INTO `#__shopper_orders`
(`id`, `ordering`, `state`, `checked_out`, `checked_out_time`, `created_by`, `modified_by`, `order_paypal_ref`, `order_details`, `fulfillment_status`, `order_gift`, `terms_conditions`)
VALUES (NULL, '', '1', '', '', '', '', '', $newBody, '1', '', '')
";
$db->setQuery($query);
$db->query();
$insertId = $db->insertid();

/* nibra's version. Note: implode() turns the PHP null for `id` into an empty
   string, so the generated SQL starts with VALUES (,'', ...), which is a syntax error.
$values = [
    'id' => null,
    'ordering' => '',
    'state' => '1',
    'checked_out' => '',
    'checked_out_time' => '',
    'created_by' => '',
    'modified_by' => '',
    'order_paypal_ref' => '',
    'order_details' => $db->quote($body),
    'fulfillment_status' => '1',
    'order_gift' => '',
    'terms_conditions' => '',
];
$query = $db->getQuery(true);
$query
    ->insert('#__shopper_orders')
    ->columns(array_keys($values))
    ->values(implode(',', $values))
;
$db->setQuery($query);
$result = $db->execute();
$insertId = $db->insertid(); */
Answer 0 (score: 0)
First, you should use the QueryBuilder instead of literal SQL. Users of your component may be running an RDBMS other than MySQL.
Second, JDatabaseDriver::quote is adding the quotes, and by default it also escapes the string. So quoting $newBody a second time breaks the SQL.
<?php
$db = \Joomla\CMS\Factory::getDbo();
$values = [
    // the SQL keyword as a string: a PHP null would become '' in implode() and break the statement
    'id' => 'NULL',
    'ordering' => '',
    'state' => '',
    'checked_out' => '',
    'checked_out_time' => '',
    'created_by' => '',
    'modified_by' => '',
    'order_paypal_ref' => '',
    // quote() escapes the value and wraps it in quotes; do not add quotes around it again
    'order_details' => $db->quote($emailText),
    'fulfillment_status' => '',
    'order_gift' => '',
    'terms_conditions' => '',
];
$query = $db->getQuery(true);
$query
    ->insert('#__shopper_orders')
    ->columns(array_keys($values))
    ->values(implode(',', $values))
;
$db->setQuery($query);
$result = $db->execute();
Answer 1 (score: 0)
@nibra's approach is good. Below is the same with a modification: $db->quote also accepts arrays.
<?php
$db = \Joomla\CMS\Factory::getDbo();
// `id` is left out: it is auto-increment, and quote() would otherwise turn it into a quoted string
$values = [
    'ordering' => '',
    'state' => '',
    'checked_out' => '',
    'checked_out_time' => '',
    'created_by' => '',
    'modified_by' => '',
    'order_paypal_ref' => '',
    'order_details' => $emailText,
    'fulfillment_status' => '',
    'order_gift' => '',
    'terms_conditions' => '',
];
$query = $db->getQuery(true);
$query
    ->insert('#__shopper_orders')
    ->columns(array_keys($values))
    // quote() on the array escapes and quotes every value in one call
    ->values(implode(',', $db->quote(array_values($values))))
;
$db->setQuery($query);
$result = $db->execute();
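The following is an added example that is not part of the question or either answer. It puts the broken statement from the question next to the correct forms from both answers, so the double-quoting is visible in the generated SQL, and adds the two Joomla helpers (quoteName() for identifiers and insertObject() for whole rows) that keep quoting out of hand-written SQL altogether. It assumes a Joomla 3.x or 4.x bootstrap, the questioner's #__shopper_orders table with an auto-increment `id`, and an $emailText variable holding the HTML body; the $badSql/$okSql variable names are mine.

```php
<?php
// Added example (not from the question or the answers). Assumes a running
// Joomla installation, the questioner's #__shopper_orders table with an
// auto-increment `id` column, and $emailText as in the question.

use Joomla\CMS\Factory;

$db        = Factory::getDbo();
$emailText = "<h2>Website Order</h2><p>Thank you for your order. We've included a copy of it below.</p>";

$table  = $db->quoteName('#__shopper_orders');   // identifiers: quoteName()
$column = $db->quoteName('order_details');
$quoted = $db->quote($emailText);                // values: quote() = escape + surrounding quotes

// 1. WRONG (the question): quote() already produced '<h2>...We\'ve...</p>',
//    so the extra '...' yields ''<h2>...'' and the parser sees an empty string
//    followed by stray text, which is the "error in your SQL syntax" seen above.
$badSql = "INSERT INTO $table ($column) VALUES ('" . $quoted . "')";

// 2. RIGHT, literal SQL: let quote() supply the quotes ...
$okSql = "INSERT INTO $table ($column) VALUES (" . $quoted . ")";

// ... or escape() the value yourself and write the quotes exactly once.
$okSql2 = "INSERT INTO $table ($column) VALUES ('" . $db->escape($emailText) . "')";

// 3. RIGHT, query builder (answers 0 and 1): quoteName() on the column list,
//    quote() on the value array, and the auto-increment id simply omitted so
//    no NULL literal has to be smuggled past quote().
$values = [
    'state'              => '1',
    'order_details'      => $emailText,
    'fulfillment_status' => '1',
];
$query = $db->getQuery(true)
    ->insert($table)
    ->columns($db->quoteName(array_keys($values)))
    ->values(implode(',', $db->quote(array_values($values))));
$db->setQuery($query);
$db->execute();
$insertId = $db->insertid();

// 4. Shortest form: insertObject() quotes every property itself and writes the
//    new auto-increment value back into $order->id.
$order = (object) $values;
$db->insertObject('#__shopper_orders', $order, 'id');
$insertId = $order->id;
```

The rule of thumb the example illustrates: every value reaches the SQL through exactly one of quote(), escape() plus hand-written quotes, or insertObject(), never two of them, and never as a raw interpolated variable. The same holds for values that come from a request rather than from your own email template; the query builder and insertObject() forms make that hard to get wrong.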