0

$_POST通过 PHP 将表单导入到 MYSQL DB 中,其中包含像“O'Hara”这样的撇号,然后我得到斜杠。我知道 mysql_real_escape_string 使用斜杠来防止这样的事情,但是我如何检查带有撇号的字符串的数据库?

例子:

$name = mysql_real_escape_string(stripslashes($_POST['full_name']));
$check = mysql_query("SELECT * FROM `stadiums` WHERE `stadium_name` LIKE '%$name%' LIMIT 0, 10") or die(mysql_error());
4

1 回答 1

1

尝试

$name = $_POST['full_name'];
if (get_magic_quotes_gpc()) {
  $name = stripslashes($name);
}
$name = mysql_real_escape_string($name);
$check = mysql_query("SELECT * FROM `stadiums` 
  WHERE `stadium_name` LIKE '%$name%' LIMIT 0, 10") or die(mysql_error());

stripslashes仅在magic quotes启用时用于输入。

于 2012-10-31T02:48:12.980 回答