How do I escape a dot in a MySQL query?

Time: 2022-10-16 22:25:24

The values of the array $rf contain a dot:

  $rf = array(img34563.jpg , img34536.jpg);

  $query = "SELECT * FROM $appin_table WHERE img IN ( ".implode( ',' , $rf )."";
  $result = mysql_query($query)
  or die(mysql_error());

How could I escape the dot, is that possible?

Thanks in advance.

2 solutions

#1


2  

Escaping the dot alone won't help you; you'll end up with a query like that:

SELECT * FROM table WHERE img IN(img34563.jpg , img34536.jpg)

You'll have to apply quotes before:

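// Escape each value and wrap it in quotes so MySQL reads it as a string literal
function quote($k)
{
    return '"' . mysql_real_escape_string($k) . '"';
}

$values = array_map('quote', $rf);
// Join the quoted values and close the IN ( ... ) list
$query = "SELECT * FROM $appin_table WHERE img IN (" . implode(',', $values) . ")";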

#2


2  

To avoid escaping, use a prepared statement:

$rf = array('img34563.jpg', 'img34536.jpg');

$db_connection = new mysqli("localhost", "user", "pass", "db");
$statement = $db_connection->prepare("SELECT * FROM $appin_table WHERE img IN (?,?)");
$statement->bind_param("ss", $rf[0], $rf[1]);
$statement->execute();

More info: http://www.php.net/manual/en/mysqli.prepare.php
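
Answer #2 hard-codes two placeholders. As an added example (not part of either answer), the same prepared-statement approach is generalized here to an array of any length; the allowlisted table names and the helper names `buildInQuery` and `selectByImages` are hypothetical.

```php
<?php
// Hypothetical allowlist; the page only shows the variable $appin_table.
const ALLOWED_TABLES = ['appin_images', 'appin_thumbs'];

// Returns [sql, types] for an IN list of any length, or null for an empty list.
function buildInQuery(string $table, array $values): ?array
{
    // Identifiers cannot be bound as parameters, so the table name is
    // checked against a fixed list instead of being escaped.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    if ($values === []) {
        return null; // "IN ()" is a syntax error in MySQL
    }
    $placeholders = implode(',', array_fill(0, count($values), '?'));
    $types = str_repeat('s', count($values)); // every value bound as a string
    return ["SELECT * FROM `$table` WHERE img IN ($placeholders)", $types];
}

function selectByImages(mysqli $db, string $table, array $values): array
{
    $built = buildInQuery($table, $values);
    if ($built === null) {
        return []; // nothing to look up
    }
    [$sql, $types] = $built;
    $params = array_values($values); // bind_param takes its arguments by reference
    $stmt = $db->prepare($sql);
    $stmt->bind_param($types, ...$params);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
}

// Constructed sample input: the second name contains both quote characters.
$rf = ['img34563.jpg', 'it\'s "final".jpg'];
[$sql, $types] = buildInQuery('appin_images', $rf);
echo $sql, PHP_EOL, $types, PHP_EOL;

// With a live server (connection values as in answer #2):
// mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// $db = new mysqli("localhost", "user", "pass", "db");
// $rows = selectByImages($db, 'appin_images', $rf);
```

The values never enter the SQL text, so neither the dot nor the quote characters in a file name need escaping.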
