
Here is my code:

return $this->db
            ->select('organization')
            ->like('title', $this->db->escape_str($query))
            ->or_like('description', $this->db->escape_str($query))
            ->get('shop_search')
            ->num_rows();

Everything works fine until $query contains a single quote.

The error with $query = "d'" is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%' OR `description` LIKE '%d\\\\\\'%'' at line 3

SELECT `organization` FROM `default_shop_search` WHERE `title` LIKE '%d\\\\\\'%' OR `description` LIKE '%d\\\\\\'%'

What am I missing here?

Dump of the query value passed in:

Debug #1 of 1: string(2) "d'"

2 Answers


You don't need to escape the parameter manually while you're using the CI Active Record class; just remove the $this->db->escape_str() call:

return $this->db
        ->select('organization')
        ->like('title', $query)
        ->or_like('description', $query)
        ->get('shop_search')
        ->num_rows();

From the CI User Guide:

$this->db->like()

Note: All values passed to this method are escaped automatically.

Update

Okay, here's my test-case:

$query = "e'";
$res = $this->db
            ->select()
            ->like('title', $query)
            ->or_like('description', $query)
            ->get('shop_search')
            ->num_rows();

var_dump($this->db->last_query());
// Output: string(96) "SELECT * FROM (`myPrefix_shop_search`) WHERE `title` LIKE '%e\'%' OR `description` LIKE '%e\'%'"

var_dump($res);
// Output: int(1)

As I expected, AR added only one backslash to escape $query. I ran this test on CI v2.1.4.

Please revise your logic, and if you don't find anything wrong, share more of the relevant code; I'm all ears.

answered 2013-08-24T10:28:40.633
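An added illustration (not code from the question, the answers, or CodeIgniter) of why escaping a value more than once matters: `mysql_escape` and `like_escape` are small re-implementations of MySQL's backslash-escaping rules and of what an Active Record `like()` does to its value, and `decode_literals` reads the resulting SQL back the way the server would, so you can see what each variant actually searches for.

```python
# Constructed model of MySQL backslash escaping; not CodeIgniter's own code.
MYSQL_ESCAPES = {
    "\\": "\\\\", "'": "\\'", '"': '\\"',
    "\0": "\\0", "\n": "\\n", "\r": "\\r", "\x1a": "\\Z",
}

def mysql_escape(value: str) -> str:
    """Backslash-escape a value the way mysql_real_escape_string does."""
    return "".join(MYSQL_ESCAPES.get(ch, ch) for ch in value)

def like_escape(value: str) -> str:
    """What an Active Record like() does: string escaping, then the LIKE wildcards."""
    return mysql_escape(value).replace("%", "\\%").replace("_", "\\_")

def build_like_query(value: str, escape_rounds: int = 1) -> str:
    """Build the page's OR-LIKE query, escaping `value` escape_rounds times.
    0 = raw splice, 1 = what like() does on its own, 2 = escape_str() + like()."""
    pattern = value
    for _ in range(escape_rounds):
        pattern = like_escape(pattern)
    return ("SELECT `organization` FROM `shop_search` WHERE "
            f"`title` LIKE '%{pattern}%' OR `description` LIKE '%{pattern}%'")

def decode_literals(sql: str) -> list:
    """Return the single-quoted literals in `sql` as the server would decode them
    (backslash escapes only; \\% and \\_ are kept for LIKE to interpret).
    Raises ValueError if a literal never closes, i.e. the SQL is malformed."""
    literals, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            i += 1
            continue
        buf, i = [], i + 1                   # opening quote found
        while True:
            if i >= n:
                raise ValueError("unterminated string literal")
            ch = sql[i]
            if ch == "\\" and i + 1 < n:     # backslash escape: consume next char
                nxt = sql[i + 1]
                buf.append(nxt if nxt not in "%_" else "\\" + nxt)
                i += 2
            elif ch == "'":                  # closing quote
                i += 1
                break
            else:
                buf.append(ch)
                i += 1
        literals.append("".join(buf))
    return literals
```

With one round the literal decodes to `%d'%` (the intended search); with two rounds it decodes to `%d\'%`, so the query silently looks for a backslash that was never in the user's input, and with zero rounds the quote in the value splits the statement into different literals entirely.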

Use

$query = mysql_real_escape_string($query);

return $this->db
            ->select('organization')
            ->like('title', $query)
            ->or_like('description', $query)
            ->get('shop_search')
            ->num_rows();

answered 2013-08-24T13:36:19.580