在PHP Web窗体中逃避撇号

时间:2018-02-25 23:48:51

标签: php mysql

我的PHP表单旨在将数据插入MySQL数据库。除非我的输入中有撇号,否则它工作得很好。然后,我收到了这个错误:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'fdfdf','fdfdf')' at line 2

这是我的第一个使用PHP的项目。有人可以提供如何逃避撇号的示例代码吗?

<html>
<body>
<form action="http://thefaithperspective.com/verses">
    <input type="submit" value="Add Another" />
</form>
</body>
</html>


<?php
$servername = "...";
$username = "...";
$password = "...";
$dbname = "...";

$verse= $_POST['verse'];
$book= $_POST['book'];
$reference = $_POST['reference'];


// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "INSERT INTO myverses (versetext, book, reference)
VALUES ('$verse','$book','$reference')";
if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

0 个答案:

没有答案