撇号[']未保存在数据库

时间:2018-05-30 09:10:19

标签: php

使用时,值不会保存在数据库中:撇号 [']

我将数据库整理更改为“ utf8_general_ci ”&列类型为 BLOB

addslashes 

<td <?php if($userdepart==0 ) { ?>
    contenteditable="true"
    onBlur="saveToDatabase(this,'name','<?php echo addslashes($orderrecords[$k]["id"]); ?>')"
    <?php } ?>>
    <?php echo substr(addslashes($orderrecords[$k]["name"]),0,75); ?>
</td>

我还尝试了 mysqli_real_escape_string 

<td <?php if($userdepart==0 ){?>
    contenteditable="true"
    onBlur="saveToDatabase(this,'name','<?php echo addslashes(mysqli_real_escape_string($mysqli,$orderrecords[$k]["id"])); ?>')"
    <?php }?>>
    <?php echo addslashes(mysqli_real_escape_string($mysqli,substr($orderrecords[$k]["name"],0,975))); ?>
</td>

现在我真的不能使用预准备语句和参数化查询,因为这仅供公司用户使用。请帮我解决一下......

更新 

function saveToDatabase(editableObj,column,id) {

    if(column=="image_ready" || column=="ready_to_print" || column=="ready_to_packaging" || column=="ready_to_dispatch"){cvalue=editableObj;}else{var cvalue=$(editableObj).text();}

      $.ajax({
        url: "editOrder.php",
        type: "POST",
        data:'column='+column+'&editval='+cvalue+'&id='+id,
        success: function(data){
          $(editableObj).css("background","#dddddd");
          if(column=="image_ready" || column=="ready_to_print" || column=="ready_to_packaging" || column=="ready_to_dispatch"){location.reload();}
        }
      });

editOrder.php 

$sql = "UPDATE do_order set " . $_POST["column"] . " = '".$_POST["editval"]."' WHERE  id=".$_POST["id"];

1 个答案:

答案 0 :(得分:3)

使用准备好的陈述:

$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
$firstname = "John";
$lastname = "D'''oe";
$email = "john@example.com";
$stmt->execute();
相关问题
最新问题