在PHP中逃避MySQL查询 - mysql_query()更新什么都不做

时间:2021-12-01 22:45:58

In my php script for a gallery, I need to update my table.
I am using the following code, but the code does nothing:

在我的php脚本库中,我需要更新我的表。我使用以下代码,但代码什么都不做:

mysql_query(' "update gallery_photos set photo_caption = replace(photo_caption,"\\\'","\'") "');

Can you tell me how to get it to work or point me in the right direction?

你能告诉我如何让它工作或指向正确的方向吗?

3 个解决方案

#1

4  

Try

尝试

mysql_query("UPDATE gallery_photos SET photo_caption = REPLACE(photo_caption,'\\\'','\'') ");

You have the escaping and ' and " mixed in a wrong way.

你有逃避和'和'以错误的方式混合。

The thing is, there are two unescapings: Once in PHP, then in MySQL.

问题是,有两个失败:一次在PHP中,然后在MySQL中。

So '\\\\' becomes "\\" in PHP and then "\" in MySQL.

所以'\\\\'在PHP中成为“\\”,然后在MySQL中成为“\”。

And now I found out that even * spoils it for us as it unescapes too. So to write "\\" here I had to write "\\\\" :)

而现在我发现即使是*也会为我们破坏它,因为它也是无用的。所以在这里写“\\”我不得不写“\\\\”:)

#2

1  

Try this with removing single quotes at start and end.

尝试在开始和结束时删除单引号。

mysql_query("update gallery_photos set photo_caption = replace( photo_caption,'\\\'','\'') ");

#3

1  

try doing this

试着这样做

$que = mysql_query("select * from gallery_photos");
$fet = mysql_fetch_object($que);
$pc  = $fet->photo_caption;
$pc2 = replace($pc,"'\\\'","'\'") ;

$update = mysql_query("update gallery_photos set photo_caption='$pc2'");

if (!$update) {
  echo "Error : <br>";
  echo "".mysql_error()."";
}else {
  echo "Updated ..!!";
}

#1

4  

Try

尝试

mysql_query("UPDATE gallery_photos SET photo_caption = REPLACE(photo_caption,'\\\'','\'') ");

You have the escaping and ' and " mixed in a wrong way.

你有逃避和'和'以错误的方式混合。

The thing is, there are two unescapings: Once in PHP, then in MySQL.

问题是,有两个失败:一次在PHP中,然后在MySQL中。

So '\\\\' becomes "\\" in PHP and then "\" in MySQL.

所以'\\\\'在PHP中成为“\\”,然后在MySQL中成为“\”。

And now I found out that even * spoils it for us as it unescapes too. So to write "\\" here I had to write "\\\\" :)

而现在我发现即使是*也会为我们破坏它,因为它也是无用的。所以在这里写“\\”我不得不写“\\\\”:)

#2

1  

Try this with removing single quotes at start and end.

尝试在开始和结束时删除单引号。

mysql_query("update gallery_photos set photo_caption = replace( photo_caption,'\\\'','\'') ");

#3

1  

try doing this

试着这样做

$que = mysql_query("select * from gallery_photos");
$fet = mysql_fetch_object($que);
$pc  = $fet->photo_caption;
$pc2 = replace($pc,"'\\\'","'\'") ;

$update = mysql_query("update gallery_photos set photo_caption='$pc2'");

if (!$update) {
  echo "Error : <br>";
  echo "".mysql_error()."";
}else {
  echo "Updated ..!!";
}
标签:

相关文章