使用PHP查询在MySQL中插入HTML文件

时间:2022-10-21 23:46:05

I have a heredoc variable like this:

我有一个像这样的heredoc变量:

$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;

And I want to insert it into my MySQL DB with whitespaces by PHP like this:

我希望通过PHP将空格插入我的MySQL数据库中,如下所示:

query="INSERT INTO requests (ID,title) VALUES ('$ID','$status')";

But I can't do that. What should I do to be allowed to insert that?

但我做不到。我应该怎么做才能插入?

2 个解决方案

#1

1  

You can do it in 2 ways:

你可以用两种方式做到:

Using mysqli_real_escape_string() like this:

像这样使用mysqli_real_escape_string():

$mydb = new mysqli("localhost","root","FedAnd11");

$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;

$query="INSERT INTO requests (ID,title) VALUES ('$ID','".$mydb->real_escape_string($status)."')";

or if you don't have a db connection yet,

或者如果您还没有数据库连接,

$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;

$status = str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $status);

$query="INSERT INTO requests (ID,title) VALUES ('$ID','$status')";

If I've understood you problem.

如果我理解你的问题。

Another thing you can do, is to use a mysql prepared statement, if you really want to put $status as is, like this:

你可以做的另一件事是使用mysql预处理语句,如果你真的想按原样放置$ status,就像这样:

$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;

$stmt = $dbConnection->prepare('INSERT INTO requests (ID,title) VALUES (?,?)');
$stmt->bind_param('is', $ID,$status);

$stmt->execute();

I supposed the $ID is integer.

我认为$ ID是整数。

#2

0  

Try using addslashes()

尝试使用addslashes()

$status = addslashes($status);
query="INSERT INTO requests (ID,title) VALUES ('$ID','$status')";

#1

1  

You can do it in 2 ways:

你可以用两种方式做到:

Using mysqli_real_escape_string() like this:

像这样使用mysqli_real_escape_string():

$mydb = new mysqli("localhost","root","FedAnd11");

$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;

$query="INSERT INTO requests (ID,title) VALUES ('$ID','".$mydb->real_escape_string($status)."')";

or if you don't have a db connection yet,

或者如果您还没有数据库连接,

$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;

$status = str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $status);

$query="INSERT INTO requests (ID,title) VALUES ('$ID','$status')";

If I've understood you problem.

如果我理解你的问题。

Another thing you can do, is to use a mysql prepared statement, if you really want to put $status as is, like this:

你可以做的另一件事是使用mysql预处理语句,如果你真的想按原样放置$ status,就像这样:

$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;

$stmt = $dbConnection->prepare('INSERT INTO requests (ID,title) VALUES (?,?)');
$stmt->bind_param('is', $ID,$status);

$stmt->execute();

I supposed the $ID is integer.

我认为$ ID是整数。

#2

0  

Try using addslashes()

尝试使用addslashes()

$status = addslashes($status);
query="INSERT INTO requests (ID,title) VALUES ('$ID','$status')";
标签:

相关文章