-1

我试图在将引号/特殊字符插入数据库之前转义它们,而不是手动执行它,因为真正处理的数组大约有 100 - 150 个值。我是否误用了 mysql_real_escape_string() 函数?

$names  =  array(
"Intro",
"James Bond",
"M&M\'s",
"Who\'s Fault?",
"Started From Here,
"Don\'t Start",
"I\'m Still"
);

$i = 1;

foreach ($names as $inner_names => $value)
{
    mysql_real_escape_string($value);
    mysql_query("UPDATE MixtapeSongs 
                    SET SongName = '$value' 
                  WHERE MixtapeID = 524 AND 
                        TrackNumber = '$i'") 
    or die("Query could not be completed!");
    echo "#" . $i . " - " . $value . ".....was updated to the database!";
    $i++;
}

这似乎是一个简单的修复,但我遇到了麻烦。任何帮助,将不胜感激!谢谢!

4

1 回答 1

3

此函数返回转义字符串,而不是通过引用传递,所以这样做:

$value = mysql_real_escape_string($value);

于 2013-08-12T16:50:50.057 回答