0

我的代码:

function sendMessage($client, $owner, $topic, $message, $send, $alliance, $player, $coor, $report) {
            $time = time();
    $q = "INSERT INTO " . TB_PREFIX . "mdata values (0,$client,$owner,'$topic',\"$message\",0,0,$send,$time,0,0,$alliance,$player,$coor,$report)";
    return mysql_query($q, $this->connection);
}

当我写消息时没有问题。但是如果我发送到 mysql 这个 -> ' 转换到这个 -> /'

'-> /'

我需要解决它的代码..请帮助我。

4

2 回答 2

0

尝试这个

  function sendMessage($client, $owner, $topic, $message, $send, $alliance, $player, $coor, $report) {

   $client = mysql_real_escape_string($client);
    $owner = mysql_real_escape_string($owner);
    $topic = htmlentities($topic);
  $message = htmlentities($message);
     $send = mysql_real_escape_string($send);
 $alliance = mysql_real_escape_string($alliance);
   $player = mysql_real_escape_string($player);
     $coor = mysql_real_escape_string($coor);
   $report = mysql_real_escape_string($report);

        $time = time();

    $q = "INSERT INTO " . TB_PREFIX . "mdata values (0,'$client','$owner','$topic','$message',0,0,'$send','$time',0,0,'$alliance','$player','$coor','$report')";
   return mysql_query($q, $this->connection);
   }
于 2013-01-12T16:18:50.563 回答
0

与其他人的评论类似,您应该使用 PDO,但仅mysql_real_escape_string在传递varchar或其他字符串类型字段时使用。

$q = "INSERT INTO " . TB_PREFIX . "mdata values (0,$client,$owner,
    '" . mysql_real_escape_string($topic) . "',
    '" . mysql_real_escape_string($message) . "',
    0,0,$send,$time,0,0,$alliance,
    $player,$coor,$report)";
于 2013-01-12T16:23:06.903 回答