I'm using mysqli in a PHP class.

我在PHP类中使用mysqli。

I have this query to be executed:

我有这个查询要执行:

INSERT INTO notifications (userid, content, uniq, link) VALUES (48, "[2014-07-30] Nomid has edited the post \"Somepost\"", "934512e1e9314d9c602a02a26114a625", "http://website/somepost")

It fails, showing the error:

它失败了,显示错误:

You have an error in your query etc. to use near '"[2014-07-30] Nomid has edited the post \"Somepost\"", "934512e1e9314d9"'

您的查询等有错误,请在“附近使用”[2014-07-30] Nomid已编辑帖子\“Somepost \”“,”934512e1e9314d9“'

But if I look in the DB, the new row is present.

但是,如果我查看数据库,则会出现新行。

The parameters are escaped using mysqli_real_escape_string():

使用mysqli_real_escape_string()转义参数:

$msg = $this->escape($msg);
$uniqid = $this->escape($uniqid);

$sql = "INSERT INTO notifications (userid, content, uniq, link) VALUES ($userid, \"$msg\", \"$uniqid\", \"$link\")";
// die($sql);
$this->query($sql);

I tried to check query execution with $mysqli->affected_rows and !$result of mysqli_query().

我试图用$ mysqli-> affected_rows和mysqli_query()的$ $结果检查查询执行情况。

The fields types are

字段类型是

INT (11) for userid, TEXT for content, TINYTEXT for uniq and TINYTEXT for link.

用户ID为INT(11),内容为TEXT,uniq为TINYTEXT,链接为TINYTEXT。

All of the TEXT fields have collation "utf8_general_ci".

所有TEXT字段都具有排序规则“utf8_general_ci”。

I didn't create the table.

我没有创建表。

The strange thing is that if I look in the database, the query was successfully executed...

奇怪的是,如果我查看数据库,查询已成功执行...

Why is this happening?

为什么会这样?

1 个解决方案

$userid = $this->escape($userid);
$msg = $this->escape($msg);
$uniqid = $this->escape($uniqid);
$link = $this->escape($link);

$sql = "INSERT INTO notifications (userid, content, uniq, link) VALUES ('$userid', '$msg', '$uniqid', '$link')";

#1

$userid = $this->escape($userid);
$msg = $this->escape($msg);
$uniqid = $this->escape($uniqid);
$link = $this->escape($link);

$sql = "INSERT INTO notifications (userid, content, uniq, link) VALUES ('$userid', '$msg', '$uniqid', '$link')";