0

I'm trying to insert some names with special characters, such as an apostrophe, into a mysql database using php. For example:

INSERT INTO PLAYERS VALUES('{$players[$n][1]}','$nom_team');

where $players is an array that contains names as N'Zogbia, N'Diaye, etc. However, this results in an error.

I have tried using the addslashes function:

$players[$n][1] = addslashes( $players[$n][1] );

but this doesn't work correctly. What gets saved in the database is N\'Zogbia, or sometimes N\\\\\\\\\\'Diaye.

I have run out of ideas to fix the problem. I hope you guys can help me.

4

2 回答 2

0

有2种可能的情况

  1. 你有魔术引号。关闭它们。
  2. 某种Sanitize Them All功能在您的所有输入数据上运行。摆脱它。
于 2013-02-16T16:48:44.463 回答
-1

您可以使用准备好的语句。

<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$city = "N'Zogbia";

/* create a prepared statement */
if ($stmt = mysqli_prepare($link, "SELECT District FROM City WHERE Name=?")) {

    /* bind parameters for markers */
    mysqli_stmt_bind_param($stmt, "s", $city);

    /* execute query */
    mysqli_stmt_execute($stmt);

    /* bind result variables */
    mysqli_stmt_bind_result($stmt, $district);

    /* fetch value */
    mysqli_stmt_fetch($stmt);

    printf("%s is in district %s\n", $city, $district);

    /* close statement */
    mysqli_stmt_close($stmt);
}

/* close connection */
mysqli_close($link);
?>
于 2013-02-16T16:50:08.480 回答