当文本字段值中有撇号时,需要帮助输入不会插入到 db 中,我试图使用下面的代码来转义 ' 但它不起作用,
function myaddslashes($string){
if(get_magic_quotes_gpc() == 1){
return $string;
} else {
return str_replace("'", "''", $string);
}
}
我也用过这个也无济于事:
function check_input($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// Quote if not a number
if (!is_numeric($value))
{
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
这是我的php代码:
<?php
error_reporting(0);
require 'include/DB_Open.php';
$RemedyTicketNo = $_POST['RemedyTicketNo'];
$PhoneNumber = $_POST['PhoneNumber'];
$Category2 = $_POST['Category2'];
$Category3 = $_POST['Category3'];
$Status = $_POST['Status'];
$Createdate = $_POST['Createdate'];
$Date = $_POST['Date'];
$Severity = $_POST['Severity'];
$BanType = $_POST['BanType'];
$XiD = $_POST['XiD'];
$Ticket = $_POST['Ticket'];
if (isset($RemedyTicketNo))
{
$sql="INSERT into tbl_main (ars_no, phone_number, category_1, category_2, status, create_date, resolved_date, trouble_type_priority, ban_type, employee_id_name)
VALUES ('".$RemedyTicketNo."', '".$PhoneNumber."', '".$Category2."', '".$Category3."', '".$Status."', '".$Createdate."', '".$Date."', '".$Severity."', '".$BanType."', '".$XiD."')";
$result=mysql_query($sql);
header("Location: wireless_new.php");
}
?>
PS..我是 php 和 sql 的新手,所以我还在努力学习使用 sqli ......