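Help: if my input contains the (') character, I can't insert the value into the database.
If I use Chrome, I can insert into the database, but if I enter a (') sign, it produces an error.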
<form action="addsong.php" method="POST">
    <h1>Add A Song</h1>
    <div class="form-box">
        <textarea type="text" class="seach-field title" name="title" placeholder="Title" required></textarea>
        <textarea type="text" class="seach-field" name="verse1" placeholder="Verse 1" required></textarea>
        <textarea type="text" class="seach-field" name="verse2" placeholder="Verse 2" ></textarea>
        <textarea type="text" class="seach-field" name="verse3" placeholder="Verse 3" ></textarea>
        <textarea type="text" class="seach-field" name="refrain" placeholder="Refrain" ></textarea>
        <textarea type="text" class="seach-field" name="chorus" placeholder="Chorus" required></textarea>
        <textarea type="text" class="seach-field" name="bridge" placeholder="Bridge" ></textarea>
        <br /><br />
        <button type="submit" class="search-btn noEnterSubmit" name="add-song">Add</button>
        <button type="reset" onclick="window.location.href = 'index.php';" class="cancel left">Cancel</button>
    </div>
</form>
Here is my addsong.php
$conn = mysqli_connect('localhost:3306', 'root', '', 'copy_cat');
$titles = $_POST['title'];
$v1 = $_POST['verse1'];
$v2 = $_POST['verse2'];
$v3 = $_POST['verse3'];
$refrain = $_POST['refrain'];
$chorus = $_POST['chorus'];
$bridge = $_POST['bridge'];
$query = "INSERT INTO songs (title,verse1,verse2,verse3,refrain,chorus,bridge) VALUES ('$titles','$v1','$v2','$v3','$refrain','$chorus','$bridge')";
$query_run = mysqli_query($conn, $query);
if($query_run)
{
    $_SESSION['success'] = "Song Successfully Added";
    header('Location: index.php');
}
else{
    $_SESSION['status'] = "Song Not Added";
    header('Location: error.php');
}
Answer 0: (score: 0)
Syntax:
mysqli_real_escape_string ( mysqli $link , string $escapestr ) : string
$link is your database connection, and $escapestr is the content you need to escape.
$conn = mysqli_connect('localhost:3306', 'root', '', 'copy_cat');
$titles = mysqli_real_escape_string($conn,$_POST['title']); // this is what you were missing.
$v1 = mysqli_real_escape_string($conn,$_POST['verse1']);
$v2 = mysqli_real_escape_string($conn,$_POST['verse2']);
$v3 = mysqli_real_escape_string($conn,$_POST['verse3']);
$refrain = mysqli_real_escape_string($conn,$_POST['refrain']);
$chorus = mysqli_real_escape_string($conn,$_POST['chorus']);
$bridge = mysqli_real_escape_string($conn,$_POST['bridge']);
$query = "INSERT INTO songs (title,verse1,verse2,verse3,refrain,chorus,bridge) VALUES ('$titles','$v1','$v2','$v3','$refrain','$chorus','$bridge')";
$query_run = mysqli_query($conn, $query);
if($query_run)
{
    $_SESSION['success'] = "Song Successfully Added";
    header('Location: index.php');
}
else{
    $_SESSION['status'] = "Song Not Added";
    header('Location: error.php');
}
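
The same handler written with a mysqli prepared statement instead of per-field escaping, as an added example that is not part of the original answer. It reuses the connection parameters, table and columns from the question; the separate port argument, the utf8mb4 charset and the add_song helper are assumptions.

```php
<?php
// Added example: addsong.php using a prepared statement (not the original poster's code).
declare(strict_types=1);
session_start();

// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Form field names, in the same order as the column list in the INSERT.
const SONG_FIELDS = ['title', 'verse1', 'verse2', 'verse3', 'refrain', 'chorus', 'bridge'];

// Hypothetical helper: inserts one song row from the submitted form data.
function add_song(mysqli $conn, array $post): void
{
    // Optional textareas may be missing or not strings; store those as ''.
    $values = [];
    foreach (SONG_FIELDS as $field) {
        $values[] = isset($post[$field]) && is_string($post[$field]) ? $post[$field] : '';
    }

    // The statement text contains only placeholders. The lyrics travel as
    // bound data, so a ' in a verse is stored literally and never parsed as SQL.
    $stmt = $conn->prepare(
        'INSERT INTO songs (title, verse1, verse2, verse3, refrain, chorus, bridge)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssssss', ...$values); // seven string parameters
    $stmt->execute();
    $stmt->close();
}

try {
    // Assumption: port passed as its own argument rather than inside the host string.
    $conn = new mysqli('localhost', 'root', '', 'copy_cat', 3306);
    $conn->set_charset('utf8mb4'); // assumed charset; set it explicitly either way
    add_song($conn, $_POST);
    $_SESSION['success'] = 'Song Successfully Added';
    header('Location: index.php');
} catch (mysqli_sql_exception $e) {
    error_log('addsong.php: ' . $e->getMessage()); // keep DB errors out of the response
    $_SESSION['status'] = 'Song Not Added';
    header('Location: error.php');
}
exit;
```

If mysqli_real_escape_string is kept instead, call mysqli_set_charset on the connection first, because the escaping depends on the connection character set.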