我原来的问题:插入特殊字符
我想用php将"""插入到数据库中,我用函数来转义引号:
I want to insert the """ into database with php, and I use the function to escape the quotes:
$text = str_replace("\"","\\\"",$text);我的原始数据是:
"support.apple/kb/HT4070"但是当我检查我的数据库时它显示:
but when I check my database it shows:
\"support.apple/kb/HT4070\"我想保留这句话,我怎么能在php中做到这一点?非常感谢.
and I want to keep this quote, how can I do it in the php? Thank you very much.
推荐答案切勿直接执行此操作.您可能会遇到 SQL 注入攻击
Never do this directly. You can have a SQL Injection attack
如果您使用 PDO,请使用 place hodlders:
If you use PDO, use place hodlders:
$stmt = $pdo->prepare('INSERT INTO texts (text) VALUES (?)'); $stmt->execute([$text]);或者,您还可以使用以下代码对引号和其他坏字符进行编码:
Optionally you can also encode the quotes and other bad characters with:
$text4db = htmlentities($text);通过使用占位符,您可以直接将引用的字符串保存到数据库中,并在保存时检索它.
By using placeholders you can directly save quoted strings to the database and retrieve it later as you saved them.
例如:
$text = 'My "text" has "quotes"'; $stmt = $pdo->prepare('INSERT INTO texts (text) VALUES (?)'); $stmt->execute([$text]); // later $stmt = $pdo->prepare('SELECT text FROM texts LIMIT 1'); $stmt->execute([$text]); $text = $stmt->fetchColumn(); // now $text has the same text: 'My "text" has "quotes"'更多推荐
如何将报价插入数据库
发布评论