I'm using mysqli in a PHP class.
我在PHP类中使用mysqli。
I have this query to be executed:
我有这个查询要执行:
INSERT INTO notifications (userid, content, uniq, link) VALUES (48, "[2014-07-30] Nomid has edited the post \"Somepost\"", "934512e1e9314d9c602a02a26114a625", "http://website/somepost")
It fails, showing the error:
它失败了,显示错误:
You have an error in your query etc. to use near '"[2014-07-30] Nomid has edited the post \"Somepost\"", "934512e1e9314d9"'
您的查询等有错误,请在“附近使用”[2014-07-30] Nomid已编辑帖子\“Somepost \”“,”934512e1e9314d9“'
But if I look in the DB, the new row is present.
但是,如果我查看数据库,则会出现新行。
The parameters are escaped using mysqli_real_escape_string():
使用mysqli_real_escape_string()转义参数:
$msg = $this->escape($msg);
$uniqid = $this->escape($uniqid);
$sql = "INSERT INTO notifications (userid, content, uniq, link) VALUES ($userid, \"$msg\", \"$uniqid\", \"$link\")";
// die($sql);
$this->query($sql);
I tried to check query execution with $mysqli->affected_rows and !$result of mysqli_query().
我试图用$ mysqli-> affected_rows和mysqli_query()的$ $结果检查查询执行情况。
The fields types are
字段类型是
INT (11) for userid, TEXT for content, TINYTEXT for uniq and TINYTEXT for link.
用户ID为INT(11),内容为TEXT,uniq为TINYTEXT,链接为TINYTEXT。
All of the TEXT fields have collation "utf8_general_ci".
所有TEXT字段都具有排序规则“utf8_general_ci”。
I didn't create the table.
我没有创建表。
The strange thing is that if I look in the database, the query was successfully executed...
奇怪的是,如果我查看数据库,查询已成功执行...
Why is this happening?
为什么会这样?
1 个解决方案
#1
0
you sql should be like
你的sql应该是这样的
$userid = $this->escape($userid);
$msg = $this->escape($msg);
$uniqid = $this->escape($uniqid);
$link = $this->escape($link);
$sql = "INSERT INTO notifications (userid, content, uniq, link) VALUES ('$userid', '$msg', '$uniqid', '$link')";
#1
0
you sql should be like
你的sql应该是这样的
$userid = $this->escape($userid);
$msg = $this->escape($msg);
$uniqid = $this->escape($uniqid);
$link = $this->escape($link);
$sql = "INSERT INTO notifications (userid, content, uniq, link) VALUES ('$userid', '$msg', '$uniqid', '$link')";