$sql_insert = "insert into tabs(name,singer,address) values ("$name","$singer","$songaddress")";
$res_insert = $conn->query($sql_insert);single quotation marks appear in my $name, $singer, and $songaddress variables, resulting in conflicts between quotation marks. At this time, the statement of sql cannot be executed. How to solve this problem?
addslashes function to learn about
put the single quotation marks in the strings in your variables $name, $singer, $songaddress
\'. '
sql, use two single quotation marks to indicate a single quote that is not a character boundary:
select 'fff''fff' ff Don't splice SQL. It is easy to cause SQL injection.
use PDO objects to manipulate the database, and use preprocessing statements to process your SQL to prevent SQL injection:
/* PHP */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();http://php.net/manual/zh/clas.
use escape characters + double quotes, such as
$sql_insert = "insert into tabs (name,singer,address) values (\" $name\ ",\" $singer\ ",\" $songaddress\ ")";
I want to optimize a sentence about group by. I don t know where to start. I want to find a train of thought . SELECT adv_id, network_id, SUM(re_click) AS clk, SUM(deny_click) AS dny_clk, SUM(re_conver) AS re_ins, SUM(mat_conver) AS mat_ins, SUM(def_...
ask God to help me translate this native SQL statement into TP5 thank you! It is Db:: ( name )-> this kind of chained operation select a.id, a.titlerect a. Createwriting time as answer_count from fa_question a. Isometric solvepaper count (b.qid) as ...
I have a vegetable chicken at the front end. Recently, there is a new demand for the company s project, which has been maintained by others before. the front end uses a framework built by pHp and uses the memcached plug-in. After the project runs, ,...
The basic logic of the program is as follows: execute "LOCK TABLES auto_table WRITE "; then "select ID from auto_table; then update ID+1 " UPDATE auto_table set ID=ID+1 "; finally execute " UNLOCK TABLES " but this logic occurs when two users r...
php calls the stored procedure, and there is other execution code before and after the stored procedure, in the same transaction, but the code before and after the stored procedure is executed, but the code in the stored procedure is not executed. What i...
this is a function of asking and answering questions questions asked by users in Table A questions answered by users in Table B Table An is the only question corresponding to ID, Table B PID corresponds to Table An ID users answer which question PI...
the code is as follows $num = M ( log )-> where ( "date_format (create_time, %Y-%m ) = $date ")-> count ( id ); for($i = 0; ($i+5000)<=20000;$i += 5000){ $datas = M( credit_log )->where("date_format(create_time, %...
for example: I have a table T1 in which there is a comment named name name field select name from T1 that gets array (). [0]=array( name => 123 ), [1]=array( name => 236 ) ) how to change the above name to name ...
browser error: SQLSTATE [HY000] [1045] Access denied for user root @ localhost (using password: NO) I successfully connected to the database with navicat, the user name is root, password is the password set when installing mysql, and the framework...
how do you design database fields like youtube pages that show whether you have pressed like or dislike? And go to the database to judge when the user arrives at the page? whether the design idea is like this Post table id picroute likeusers dislik...
when learning the knowledge of mysql penetration, the attempt to read the file on disk D with sql statement failed as follows: root@host after testing, the value of secure-file-priv is not valid even if it is empty. mysql,apache is running normal...
backend PHP sends the submitted data to Filter submit data: "> < script > alert ( 1 ) < script > Filter (equivalent to conversion via htmlspecialchars): "> < script > alert ( 1 ) < script > name varchar (255) description text prom...
as shown in the figure, how to get to the quotation marks on both sides of the queue and return the data in array format ...
after the order exceeds a certain time, the user does not confirm the receipt, so the system needs to automatically complete the confirmation operation, that is, to change the status of the order. Do you have any good ideas? I have seen before that so...
php backend needs to insert records into the mysql database table. The id of this table is primary key but not self-growing, which needs to be calculated by some rules. For example, if you first check that there are N records created that day, then set t...
< H2 > hierarchical relationship table (processed using baum) < H2 > when the distributor buys, the performance automatically adds up to all his superiors monthly performance the settlement method determines whether the minimum settlement ra...
it is necessary to build a php integrated development environment on this machine. Whether it can be deployed in the cloud can be found directly through the public network ip! ...
A a_id a_title a_key a_desc a_pid 1 A A A 1 B b_id b_title b_key b_desc b_pid 1 b 2 C c_id c_title c_key c_desc c_pid 1 $title= Ctitile || ...
SessionHandler.php the contents of the file are as follows <?php namespace Dry Base; class SessionHandler{ private $pdo = null; private $lifeTime = 1440; public function __construct($pdo) { $this->pdo = $pdo; ...
I wrote an api hypothesis called sql.php myself. I am in another sql-test.php $data = array( "errno" => 1 , "errstr" => 2 , "errfile" => 3 , "errline" => 4 ); $data_string = js...