如何在mysql中处理特殊字符

时间:2018-12-17 12:36:41

标签: php mysql

我有一个表单,用户可以在其中输入数据,然后将其输入到mysql数据库中。问题是当他们输入“%”符号或其他特殊字符时,当我的网站尝试显示记录时会引起问题。在显示结果时,它实际上不会导致该记录显示任何内容。我该如何解决?

$query = "SELECT * FROM makerperk WHERE pid='$pid' LIMIT 1";
$result = mysqli_query($connection, $query) or die(mysqli_error($connection));
while($row = mysqli_fetch_assoc($result)) {
    $makerid = $row['makerid'];
    $name = $row['name'];
    $title = $row['title'];
    $perkdescription = $row['perkdescription'];
    $image = $row['image'];
    $perktype = $row['perktype'];
    $restrictions = $row['restrictions'];
}

1 个答案:

答案 0 :(得分:2)

我认为您应该使用PHP mysqli_real_escape_string 

/*Escape input variable:*/
$pid = mysqli_real_escape_string($connection, $pid);

/*Run query with escaped string:*/
$query = "SELECT * FROM makerperk WHERE pid='$pid' LIMIT 1";
$result = mysqli_query($connection, $query) or die(mysqli_error($connection));
while($row = mysqli_fetch_assoc($result)) {
    $makerid = $row['makerid'];
    $name = $row['name'];
    $title = $row['title'];
    $perkdescription = $row['perkdescription'];
    $image = $row['image'];
    $perktype = $row['perktype'];
    $restrictions = $row['restrictions'];
}
相关问题
最新问题