-3

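I have the following table, and below is the query on which I have tried every possible check to solve this problem. The problem is that the insert works in phpMyAdmin but not in PHP. I have tried everything but still have the same problem.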

Here is my table code:

    CREATE TABLE IF NOT EXISTS `cle` (
      `id` int(40) NOT NULL AUTO_INCREMENT,
      `title` varchar(444) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL DEFAULT 'Article',
      `content` text CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
      `url` varchar(222) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
      `status` int(11) DEFAULT '0',
      `alt` varchar(400) DEFAULT NULL,
      PRIMARY KEY (`id`),
      KEY `url` (`url`,`status`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

Here is the insert code:

      INSERT INTO cle (content,url,alt) VALUES (' <br> <span name=KonaFilter style=\"width:100%;\"><center><font size=\"4\"><b>Rate? Part 1</b> by<b>  </b></font></center></span> <span> <br> <center>         <br><td><img src=\"http://a1.abc.com/a/spacer.gif\" height=\"0\" width=\"1\"></td></tr> <tr><td>Article Posted: 04/04/2005</td></tr> </table> </td> </tr> </table> <table cellspacing=\"0\" cellpadding=\"1\" width=\"100%\" border=0> <tr> <td><h1 style=\"color:02679D; font-size:16\"><b><span name=KonaFilter>Howe? Part 1</span></b></h1></td> <td align=\"right\">     <table border=0 cellpadding=4> <tr> <td valign=\"top\"> <img name=\"btn36\" src=\"http://a4.abc.com/a/js_feed_article.gif\" width=48 height=38 onclick=\"ClipBoard(input36);\" onmouseover=\"this.style.cursor = \'hand\';\"> <input type=\"hidden\" name=\"input36\" value=\'</td> <td valign=\"top\"> <a href=\"http://www.a.com/Email_Article.cfm?articleid=36\"><img src=\"http://a4.abc.com/a/email_me.gif\" width=38 height=33 border=0></a> </td> </tr>    </table> </td> </tr> <tr> <td colspan=2> </td> </tr> <tr><td><br>&nbsp;<br></td></tr> <tr>     <td valign=\"bottom\" colspan=2> <form name=\"formx\" action=\"/article_detail.cfm?articleid=36\" method=\"post\"> <input type=\"hidden\" name=\"flagged\" value=1> <input type=\"image\" src=\"http://a1.abc.com/a/categorize.gif\" alt=\"Is gory?\" onclick=\"flag();\"> </form> </td></tr> </tr> <tr><td colspan=2><img src=\"http://a1.abc.com/a/spacer.gif\" height=\"5\" width=\"1\"></td></tr> <tr><td colspan=2> <div align=left style=\"width:370; height:315;\">s we’ll sues. <br> Question 1:? Do on such as “read more here” or? <br> What bsite. “Read More Here” us ASP vendors, rates, why itrates. 
<br> <p><br<!-- --> <table cellspacing=1 cellpadding=\"1\" border=0 width=\"130\" bgcolor=\"5A5A5A\"> <tr> <td valign=\"middle\" align=\"right\" height=\"10\" style=\"background-repeat:no-repeat;\" bgcolor=\"ffffff\" background=\"http://a15.abc.com/a/catbox.gif\">&nbsp;<font face=\"arial\" style=\'font-size:12\'><b><font style=\'font-family:verdana; font-size:9\'>Rate This Article</font> <img onclick=\'closeWindow();\' src=\'/a/close.gif\'>&nbsp;</b></font></td> </tr> <tr><td bgcolor=\"dddcdd\"> <table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">       <tr> <td align=\"center\"> <table border=0> <form name=\"form2\" action=\"\" method=\"post\"> <tr><td colspan=5><input type=\"text\" name=\"xDesc\" value=\"\" style=\"border:0 px; font-size:10;background-color:dddcdd\" contenteditable=\"false\"></td>          </form> <tr> <td width=\"20%\">  </td> <td width=\"20%\"> <form name=\"rateform2\"            action=\"/feedback.cfm/36?articleid=36&title=2C1\" method=\"post\"> <input type=\"hidden\" name=\"rating\" value=2> <img src=\"http://a2.abc.com/a/empty_star.gif\" name=\"imagetwo\" alt=\"Minimal useful information.\" style=\"border:0px\" onclick=\"rate(2);\" onmouseover=\"starDesc(2);\" onmouseout=\"starDesc(0);emptyStar(2);\"> </form> </td> <td          width=\"20%\"> <form name=\"rateform3\" action=\"/f.cfm/36?articleid=36C1\" method=\"post\"> <input type=\"hidden\" name=\"rating\" value=3> <img src=\"http://a3.abc.c.gif\" name=\"imagethree\" alt=\"Decent and informative.\"  style=\"border:0px\" onclick=\"rate(3);\" onmouseover=\"starDesc(3);\" onmouseout=\"starDesc(0);emptyStar(3);\"> </form> </td> <td width=\"20%\"> <form name=\"rateform4\" action=\"/feedback.cfm/36?articleid=36&title=C1\" method=\"post\">          <input type=\"hidden\" name=\"rating\" value=4> <img src=\"http://a4.abc.com/a/emptyr.gif\" name=\"imagefour\" alt=\"Gre.\" style=\"border:0px\" onclick=\"rate(4);\" onmouseover=\"starDesc(4);\" 
onmouseout=\"starDesc(0);emptyStar(4);\"> </form> </td> <td width=\"20%\"> <form name=\"rateform5\" action=\"/fem/36?articleid=36&title=C1\" method=\"post\"> <input type=\"hidden\" name=\"rating\" value=5> <img src=\"http://a5.abc.com/a/empty_star.gif\" name=\"imagefive\" alt=\"A \'Must Read\'.\" style=\"border:0px\" onclick=\"rate(5);\" onmouseover=\"starDesc(5);\" onmouseout=\"starDesc(0);emptyStar(5);\"> </form> </td> </tr> </table> </td> </tr> </table>         </td> </tr> <tr><td bgcolor=\"5A5A5A\"><img src=\"http://a1.aer.gif\" height=\"8\" width=\"100%\"></td></tr> </table>  </div> <script type=\"text/javascript\"> //Enter \"frombottom\" or \"fromtop\" var verticalpos=\"frombottom\" function JSFX_FloatTopDiv() {    var tmpcookie = new Date();    chkcookie = (tmpcookie.getTime() + \'\');    document.cookie = \"chkcookie=\" + chkcookie + \"; path=/\"; if (document.cookie.indexOf(chkcookie,0) < 0) { divStayTopLeft.style.left=-1000;       }     else { starDesc(0); var startX = 0, startY = 100; var ns = (navigator.appName.indexOf(\"Netscape\") != -1); var d = document; function ml(id) { var el=d.getElementById?d.getElementById(id):d.all?d.all[id]:d.layers[id]; if(d.layers)el.style=el; el.sP=function(x,y){this.style.left=x;this.style.top=y;}; el.x = startX; if (verticalpos==\"fromtop\") el.y = startY; else{ el.y = ns ? page
              <p> </td> </tr> <tr><td align=\"center\" > <p>&nbsp;<p> <font size=3 color=990000>Doe?  Have a Comment?  POST IT!</font><p> <table cellspacing=1 cellpadding=\"4\" border=0 width=\"100%\" bgcolor=\"4D4D4D\" align=\"center\"> <tr> <td align=\"right\" height=\"23\" style=\"background-repeat:no-repeat;\" bgcolor=\"ffffff\" background=\"\">&nbsp;<font face=\"arial\" style=\'font-size:12\'><b>Re</b></font>&nbsp;    </td> </tr> <tr><td  bgcolor=\"dddddd\"> <form action=\"/post_.cfm\" method=\"post\">       <table width=\"100%\" cellpadding=3 border=0 cellspacing=1> </table> <table width=\"100%\" cellpadding=5 border=0> <tr><td colspan=2><font size=2><strong>Sue.</strong></font></td></tr> <tr> <td colspan=2 align=\"center\">Make this comment <input type=radio  selected name=PublicPrivate value=\"Public\" label=\"Public\"> <label for=\"Public\">Public</label> or <input type=radio  name=PublicPrivate value=\"Private\" label=\"Private\"> <label for=\"Private\">Private</label> to th:</td> </tr> <tr> <td align=\"right\">Name:</td> <td>     <input type=\"text\" name=\"name\" value=\"\" size=50> </td> </tr> <tr> <td align=\"right\" valign=\"top\">Email:</td> <td><input type=\"text\" name=\"Emss\" value=\"\" size=50><br>   <font size=1 color=\"ff0000\">*Youy.</font></td> </tr> <tr> <td align=\"right\" valign=\"top\">Comments:</td> <td><font size=1 color=\"ff0000\">*Yongly.</font><br>     <textarea cols=45 rows=10 name=\"Comments\"></textarea></td> </tr> <tr> <td>&nbsp;</td>       <td><img src=\"http://a6.abc.com/f.jpg\"></td> </tr> <tr> <td align=\"right\" valign=\"top\">Pge:</td> <td align=\"left\"><input type=\"text\" maxlength=6 name=\"ImageCode\" value=\"\" size=10></td> </tr> <tr> <td colspan=2 align=\"center\">      <input type=\"hidden\" name=\"ArticleID\" value=\"36\"> <input type=\"hidden\" name=\"x\" value=\"gwSIMR\"> <input type=\"hidden\" name=\"Author
       ID\" value=\"\"> <input type=\"hidden\" name=\"ReturnTo\" value=\"/article_detail.cfm?articleid=36\"> <input type=\"Submit\" value=\"Sut\" name=\"PostComment\"> </td> </tr> </table> </form> </td>         </tr> <tr><td  bgcolor=\"4D4D4D\"><img src=\"http://a1.abc.com/er.gif\" height=\"8\" width=\"100%\"></td></tr> </table>  </td></tr> </table> </span>                            <br>','http://www.a.com/article_detail.cfm?articleid=36','-')

Here is an sqlfiddle

Where am I making a mistake?

4

3 Answers

0

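If you throw them straight from PHP into MySQL, you will need to escape twice. The first backslash will be interpreted by PHP, not MySQL.

If you have a function called like the following (for example):

    function_called("this\' quote");

The function will actually receive “this' quote”, not the backslashed version.

To get around this, there are two solutions:

  1. Rely on the query parameterization provided by PDO or MySQLi (also safer in the long run)
  2. Double-escape things. this\' quote then becomes This\\\' quote. On the first pass, \\ is interpreted as \, and \' becomes '. On the second pass (MySQL), what is left is \'.
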
answered 2013-03-28T12:24:32.173
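
The parameterized route from option 1 of the answer above, as an added example that is not part of the original post: the HTML is passed as a bound value, so its quotes and backslashes never become part of the SQL text, and a concatenated statement is shown failing beside it. The sample HTML is constructed, and an in-memory SQLite database is assumed only so the script runs without a server; with MySQL only the PDO DSN changes.

```php
<?php
// Added example: sample HTML constructed for illustration, not the asker's data.
// SQLite in-memory is an assumption so this runs offline; for MySQL use a DSN
// such as 'mysql:host=...;dbname=...;charset=utf8' with your own credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cle (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    title TEXT NOT NULL DEFAULT \'Article\',
    content TEXT NOT NULL,
    url TEXT NOT NULL,
    status INTEGER DEFAULT 0,
    alt TEXT
)');

// Nowdoc: PHP does no escape processing here, so the value holds exactly
// the quotes and backslashes a scraped page would contain.
$content = <<<'HTML'
<img onmouseover="this.style.cursor = 'hand';" alt="A 'Must Read'.">
<script>var verticalpos="frombottom"; var path = "C:\\temp";</script>
HTML;

// Placeholders keep the data out of the SQL text: nothing to escape by hand.
$stmt = $pdo->prepare(
    'INSERT INTO cle (content, url, alt) VALUES (:content, :url, :alt)'
);
$stmt->execute([
    ':content' => $content,
    ':url'     => 'http://www.a.com/article_detail.cfm?articleid=36',
    ':alt'     => '-',
]);

// Read the row back and compare it byte for byte with what was sent.
$read = $pdo->prepare('SELECT content FROM cle WHERE id = ?');
$read->execute([(int) $pdo->lastInsertId()]);
$stored = $read->fetchColumn();
echo 'round trip intact: ', var_export($stored === $content, true), "\n";

// Contrast: splicing the same value into the statement ends the SQL string
// literal at the first single quote, so the statement no longer parses.
try {
    $pdo->exec("INSERT INTO cle (content, url, alt) VALUES ('$content', 'x', '-')");
    echo "concatenated insert succeeded\n";
} catch (PDOException $e) {
    echo 'concatenated insert failed: ', $e->getMessage(), "\n";
}
```
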
0

I think your insert query is wrong

You can use name=\"KonaFilter\" instead of name=KonaFilter

answered 2013-03-28T12:26:44.940
0

I think the problem is in this line - "we’ll sues.
Question 1:?" Try replacing this line with "we will sues.
Question 1:?"

answered 2013-03-28T12:29:00.343