如何使用sql& s搜索包含单引号(')的@ display变量? PHP?
例: CompanyName = ABC' S ENTERPRISE
$comp_name (as variable)
$tsql = "SELECT CompanyName from tbl.company WHERE CompanyName LIKE '%$comp_name%'";
答案 0 :(得分:0)
像这样使用addslashes php函数
$tsql = "SELECT CompanyName from tbl.company WHERE CompanyName LIKE '%".addslashes($comp_name)."%'";
为你的例子
CompanyName = ABC' S ENTERPRISE
addslashes会添加一个斜杠,如
ABC \' S ENTERPRISE
现在生成的查询将是
SELECT CompanyName from tbl.company WHERE CompanyName LIKE 'ABC\'S ENTERPRISE'
答案 1 :(得分:0)
你可以这样使用
$ comp_name(作为变量)
$ tsql ='来自tbl.company的SELECT CompanyName WHERE CompanyName LIKE“%'。$ comp_name。'%”';