For some reason, this query isn't submitting to the database, although there are no errors!
出于某种原因,此查询未提交到数据库,尽管没有错误!
$listingdesc2 = "'test test test','test test test'";
$category = "apple, banana";
$addlisting = mysql_query("INSERT INTO `directory` (". $category .") VALUES (". $listingdesc2 .")");
I have made sure the table and column names are correct. Is there something wrong with my query, or not?
我确保表和列名称是正确的。我的查询有问题吗?
I am thinking it is something to do with $listingdesc2
, trying to use a variable in a query that is seperated by commas.
我认为这与$ listingdesc2有关,试图在逗号分隔的查询中使用变量。
apple should return 'test test test' in the database banana should return 'test test test' in the database
apple应该在数据库中返回'test test test',应该在数据库中返回'test test test'
chris, here's a full snippet of my code, the above was a really basic example.
克里斯,这里是我的代码的完整片段,上面是一个非常基本的例子。
$listingdesc = mysql_real_escape_string($_POST['listingdesc']);
$category = $_POST['category']; //this is an array from a multiple selection checklist
$numcat = count($category);
$category = implode(", ",$category);
$listingdesc1 = "'$listingdesc'";
$a = array_fill(0, $numcat, $listingdesc1);
$listingdesc2 = implode(',', $a);
$addlisting = mysql_query("INSERT INTO `directory` (". $category .") VALUES (". $listingdesc2 .")");
Then I echo the values used in the query, they are as follows:
然后我回显查询中使用的值,它们如下:
$listingdesc2 = 'test test test','test test test'
$ listingdesc2 ='测试测试','测试测试'
$category = 'apple, banana'
$ category ='apple,banana'
1 个解决方案
#1
0
With string mysql_escape_string ( string $unescaped_string )
you can escape especial characters just for prevent sql injection , by the way I consider you to use PDO
library from PHP or mysqli
instead of mysql
, because this library is deprecated in PHP >5.4
and now the stable version of PHP is 5.6
.
使用字符串mysql_escape_string(字符串$ unescaped_string)你可以转义特殊字符只是为了防止sql注入,我认为你使用PHP或mysqli而不是mysql的PDO库的方式,因为这个库在PHP> 5.4不推荐使用现在稳定PHP的版本是5.6。
#1
0
With string mysql_escape_string ( string $unescaped_string )
you can escape especial characters just for prevent sql injection , by the way I consider you to use PDO
library from PHP or mysqli
instead of mysql
, because this library is deprecated in PHP >5.4
and now the stable version of PHP is 5.6
.
使用字符串mysql_escape_string(字符串$ unescaped_string)你可以转义特殊字符只是为了防止sql注入,我认为你使用PHP或mysqli而不是mysql的PDO库的方式,因为这个库在PHP> 5.4不推荐使用现在稳定PHP的版本是5.6。