我刚刚发现我写的应用程序不允许用户输入 撇号到textarea。如果他们这样做,插入/更新失败。 我确定这个问题已经完成 - 但这是第一次 它是为我而来的。 我正在做的是这样的事情: 函数UpdateRecord($ iID ,$ sContent){ $ sSQL =" UPDATE MyTable SET content =''$ sContent''其中id = $ iID"; $ bSuccess = RunSQL($ sSQL); 返回$ bSuccess; } 是否有简单的转义命令,或者我是否需要全部进入 为撇号和诸如此类的东西编写一些复杂的处理程序。 注意:在这个例子中,我*完全*忽略来自SQL的威胁 注射。我只是不希望撇号使更新/创建崩溃。
I just found out that an app I wrote doesn''t allow the user to input apostrophes into the textarea. If they do, the insert/update fails. I''m sure this issue has been done to death - but it''s the first time it''s come up for me. What I''m doing is something like this: function UpdateRecord($iID, $sContent) { $sSQL = "UPDATE MyTable SET content=''$sContent'' where id=$iID"; $bSuccess = RunSQL($sSQL); return $bSuccess; } Is there a simple escape command, or am I going to have to get all into writing some complex handler for apostrophes and whatnot. Note: In this example, I''m *totally* ignoring the threat from SQL injection. I just don''t want apostrophes to crash the update/create.
推荐答案iID,
sContent){ sContent) {
sSQL =" UPDATE MyTable SET content ='' sSQL = "UPDATE MyTable SET content=''
更多推荐
逃避PHP和MySQL
发布评论