PHP + MySQL + PDO 中的单引号转义
Single quote escaping in PHP + MySQL + PDO
我需要有关转义单引号的帮助。我在那里检查了很多 material,但我还不够精明,无法使用它。我的 PHP 代码如下。
<?php
$db = new PDO("mysql:host=localhost;dbname=tool", 'root', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$rne = file_get_contents('/path/export.txt');
$sql = "
LOAD DATA INFILE '/path/UCBTexport.txt'INTO TABLE tool_tbl FIELDS TERMINATED BY ',' ( Bug_ID, Date_Tool_Ran, Headline, Submitted_By, Create_Modify_Date, Severity, Status );
UPDATE `tool_tbl` SET `Release_Notes`= '$rne' WHERE id = LAST_INSERT_ID()
";
$stmt = $db->prepare($sql);
$stmt->execute();
$i = 0;
do {
$i++;
}
while ($stmt->nextRowset())
;
$error = $stmt->errorInfo();
if ($error[0] != "00000")
{
echo "Query $i failed: " . $error[2];
}
else
{
echo "inserted Successfully";
}
die();
我的两个查询都有偶尔包含所有类型特殊字符的文本。如何使用此代码中的 mysql_real_escape_string 转义特殊字符?
试试这个可能对你有帮助
<?php
$db = new PDO("mysql:host=localhost;dbname=tool", 'root', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$rne = file_get_contents('/path/export.txt');
$sql = <<<SQL
LOAD DATA INFILE '/path/UCBTexport.txt' INTO TABLE tool_tbl FIELDS TERMINATED BY ',' ( Bug_ID, Date_Tool_Ran, Headline, Submitted_By, Create_Modify_Date, Severity, Status );
UPDATE `tool_tbl` SET `Release_Notes`= '$rne' WHERE id = LAST_INSERT_ID()
SQL;
$stmt = $db->prepare($sql);
$stmt->execute();
$i = 0;
do {
$i++;
}
while ($stmt->nextRowset());
$error = $stmt->errorInfo();
if ($error[0] != "00000")
{
echo "Query $i failed: " . $error[2];
}
else
{
echo "inserted Successfully";
}
die();
尝试用这个替换。
$sql = "LOAD DATA INFILE '/path/UCBTexport.txt' INTO TABLE `tool_tbl` FIELDS TERMINATED BY ','( Bug_ID, Date_Tool_Ran, Headline, Submitted_By, Create_Modify_Date, Severity, Status ) ;
SET @last_id = LAST_INSERT_ID();
UPDATE `tool_tbl` SET `Release_Notes`= $rne WHERE id=@last_id";
<?php
$db = new PDO("mysql:host=localhost;dbname="tool", 'root', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$rne = file_get_contents('/path/export.txt');
$rne = mysql_real_escape_string($rne); >>>> this is the addition that fixed
$sql = "
LOAD DATA INFILE '/path/UCBTexport.txt'INTO TABLE tool_tbl FIELDS TERMINATED BY ',' ( Bug_ID, Date_Tool_Ran, Headline, Subm
itted_By, Create_Modify_Date, Severity, Status );
UPDATE `tool_tbl` SET `Release_Notes`= '$rne' WHERE id = LAST_INSERT_ID()
";
$stmt = $db->prepare($sql);
$stmt->execute();
$i = 0;
这是一个老问题,但我写了这个答案,因为接受的答案使用 mysql_real_escape_string() 已弃用。
Can use $stmt->bindParam(":parameter_name", $php_variable, PDO::PARAM_STR); and don't need to escape
single quote
$db = new PDO("mysql:host=localhost;dbname=tool", 'root', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$rne = file_get_contents('/path/export.txt');
$sql = "
LOAD DATA INFILE '/path/UCBTexport.txt'INTO TABLE tool_tbl FIELDS TERMINATED BY ',' ( Bug_ID, Date_Tool_Ran, Headline, Subm
itted_By, Create_Modify_Date, Severity, Status );
UPDATE `tool_tbl` SET `Release_Notes`= :rne WHERE id = LAST_INSERT_ID()
";
$stmt = $db->prepare($sql);
$stmt->bindParam(":rne", $rne, PDO::PARAM_STR);
$stmt->execute();
我需要有关转义单引号的帮助。我在那里检查了很多 material,但我还不够精明,无法使用它。我的 PHP 代码如下。
<?php
$db = new PDO("mysql:host=localhost;dbname=tool", 'root', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$rne = file_get_contents('/path/export.txt');
$sql = "
LOAD DATA INFILE '/path/UCBTexport.txt'INTO TABLE tool_tbl FIELDS TERMINATED BY ',' ( Bug_ID, Date_Tool_Ran, Headline, Submitted_By, Create_Modify_Date, Severity, Status );
UPDATE `tool_tbl` SET `Release_Notes`= '$rne' WHERE id = LAST_INSERT_ID()
";
$stmt = $db->prepare($sql);
$stmt->execute();
$i = 0;
do {
$i++;
}
while ($stmt->nextRowset())
;
$error = $stmt->errorInfo();
if ($error[0] != "00000")
{
echo "Query $i failed: " . $error[2];
}
else
{
echo "inserted Successfully";
}
die();
我的两个查询都有偶尔包含所有类型特殊字符的文本。如何使用此代码中的 mysql_real_escape_string 转义特殊字符?
试试这个可能对你有帮助
<?php
$db = new PDO("mysql:host=localhost;dbname=tool", 'root', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$rne = file_get_contents('/path/export.txt');
$sql = <<<SQL
LOAD DATA INFILE '/path/UCBTexport.txt' INTO TABLE tool_tbl FIELDS TERMINATED BY ',' ( Bug_ID, Date_Tool_Ran, Headline, Submitted_By, Create_Modify_Date, Severity, Status );
UPDATE `tool_tbl` SET `Release_Notes`= '$rne' WHERE id = LAST_INSERT_ID()
SQL;
$stmt = $db->prepare($sql);
$stmt->execute();
$i = 0;
do {
$i++;
}
while ($stmt->nextRowset());
$error = $stmt->errorInfo();
if ($error[0] != "00000")
{
echo "Query $i failed: " . $error[2];
}
else
{
echo "inserted Successfully";
}
die();
尝试用这个替换。
$sql = "LOAD DATA INFILE '/path/UCBTexport.txt' INTO TABLE `tool_tbl` FIELDS TERMINATED BY ','( Bug_ID, Date_Tool_Ran, Headline, Submitted_By, Create_Modify_Date, Severity, Status ) ;
SET @last_id = LAST_INSERT_ID();
UPDATE `tool_tbl` SET `Release_Notes`= $rne WHERE id=@last_id";
<?php
$db = new PDO("mysql:host=localhost;dbname="tool", 'root', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$rne = file_get_contents('/path/export.txt');
$rne = mysql_real_escape_string($rne); >>>> this is the addition that fixed
$sql = "
LOAD DATA INFILE '/path/UCBTexport.txt'INTO TABLE tool_tbl FIELDS TERMINATED BY ',' ( Bug_ID, Date_Tool_Ran, Headline, Subm
itted_By, Create_Modify_Date, Severity, Status );
UPDATE `tool_tbl` SET `Release_Notes`= '$rne' WHERE id = LAST_INSERT_ID()
";
$stmt = $db->prepare($sql);
$stmt->execute();
$i = 0;
这是一个老问题,但我写了这个答案,因为接受的答案使用 mysql_real_escape_string() 已弃用。
Can use $stmt->bindParam(":parameter_name", $php_variable, PDO::PARAM_STR); and don't need to escape single quote
$db = new PDO("mysql:host=localhost;dbname=tool", 'root', 'password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$rne = file_get_contents('/path/export.txt');
$sql = "
LOAD DATA INFILE '/path/UCBTexport.txt'INTO TABLE tool_tbl FIELDS TERMINATED BY ',' ( Bug_ID, Date_Tool_Ran, Headline, Subm
itted_By, Create_Modify_Date, Severity, Status );
UPDATE `tool_tbl` SET `Release_Notes`= :rne WHERE id = LAST_INSERT_ID()
";
$stmt = $db->prepare($sql);
$stmt->bindParam(":rne", $rne, PDO::PARAM_STR);
$stmt->execute();