It seems to me that you are not sanitizing the values in the SQL query.
http://php.net/manual/en/function.mysql-real-escape-string.php
A simple example: we have a table with this structure:
CREATE TABLE `test` (
`text` VARCHAR(1024) NULL DEFAULT '0'
)
COLLATE='utf8_unicode_ci'
ENGINE=InnoDB
and the PHP script:
header("Content-type:text/html;charset=utf8");
$ar = array
(
1 => Array
(
'time' => '07:30',
'event' => 'Celebrity Organ Recital – Sophie-Véronique Cauchefer-Choplin'
)
);
$mysqli = new mysqli('localhost','root', '', 'test');
$mysqli -> query("INSERT INTO `test` (`text`) VALUES ('" . json_encode($ar) . "')"); // here we do not escape characters like \, ", '
// now we use mysqli::real_escape_string
$mysqli -> query("INSERT INTO `test` (`text`) VALUES ('" . $mysqli -> real_escape_string(json_encode($ar)) . "')"); // here we escape characters
$mysqli_result = $mysqli -> query("SELECT * FROM `test`");
while($result = $mysqli_result -> fetch_assoc()){
var_dump(json_decode($result["text"],true));
}
The var_dump output is:
array
1 =>
array
'time' => string '07:30' (length=5)
'event' => string 'Celebrity Organ Recital u2013 Sophie-Vu00e9ronique Cauchefer-Choplin' (length=68)
array
1 =>
array
'time' => string '07:30' (length=5)
'event' => string 'Celebrity Organ Recital – Sophie-Véronique Cauchefer-Choplin' (length=63)
The second var_dump is correct.
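Why the first var_dump shows `u2013` and `u00e9`: the following is an added example, not part of the original answer, that models in Python how MySQL decodes backslash sequences in a quoted string literal under the default SQL mode. The function names are hypothetical, `escape_for_literal` is a simplified stand-in for `mysqli::real_escape_string`, and the sample data is constructed to match the array above.

```python
import json

# Escape sequences MySQL recognises inside a quoted string literal
# (default SQL mode, NO_BACKSLASH_ESCAPES not set).
_MYSQL_ESCAPES = {"0": "\0", "'": "'", '"': '"', "b": "\b", "n": "\n",
                  "r": "\r", "t": "\t", "Z": "\x1a", "\\": "\\"}

def mysql_read_literal(body):
    """Model of how the server decodes the text between the quotes."""
    out, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            nxt = body[i + 1]
            if nxt in "%_":            # kept verbatim outside LIKE patterns
                out.append("\\" + nxt)
            else:                      # unknown escape: the backslash is dropped
                out.append(_MYSQL_ESCAPES.get(nxt, nxt))
            i += 2
        elif ch == "'" and body[i + 1:i + 2] == "'":
            out.append("'")            # '' is a quoted single quote
            i += 2
        elif ch == "'":
            raise ValueError("literal terminated early at offset %d" % i)
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def escape_for_literal(value):
    """Simplified stand-in for mysqli::real_escape_string (assumption)."""
    table = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0",
             "\n": "\\n", "\r": "\\r", "\x1a": "\\Z"}
    return "".join(table.get(c, c) for c in value)

# Constructed sample with the same shape as the array in the answer.
# json.dumps, like PHP's json_encode, emits \uXXXX for non-ASCII by default.
SAMPLE = {"1": {"time": "07:30", "event":
                "Celebrity Organ Recital \u2013 Sophie-V\u00e9ronique Cauchefer-Choplin"}}
ENCODED = json.dumps(SAMPLE)

def stored_without_escaping():
    # First INSERT: the JSON text is placed between the quotes unchanged.
    return mysql_read_literal(ENCODED)

def stored_with_escaping():
    # Second INSERT: backslashes and quotes are escaped first.
    return mysql_read_literal(escape_for_literal(ENCODED))
```

A single quote anywhere in the JSON would make the unescaped variant raise `ValueError`, which is the same point at which the real query would break out of the literal.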