Php CodeIgniter-转义SQL
我正在尝试更新我的数据库。其中一个列值包含撇号等。我在CodeIgniter中对可能包含此类字符的字符串使用了Php CodeIgniter-转义SQL,php,mysql,sql,codeigniter,Php,Mysql,Sql,Codeigniter,我正在尝试更新我的数据库。其中一个列值包含撇号等。我在CodeIgniter中对可能包含此类字符的字符串使用了$this->db->escape,但仍然出现以下错误: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'O\'Keeffe, O\'Keefe'' WHERE `su
$this->db->escape
,但仍然出现以下错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'O\'Keeffe, O\'Keefe'' WHERE `survey_id` = 188' at line 1
UPDATE `survey` SET `firstname_confidence_score` = 100, `firstname_rhymes` = '''', `lastname_confidence_score` = 85, `lastname_rhymes` = ''O\'Keeffe, O\'Keefe'' WHERE `survey_id` = 188;
我该如何解决这个问题
更新:
$sql = "UPDATE `$table_name` SET `firstname_confidence_score` = $firstname_confidence_score, `firstname_rhymes` = '" . $this->db->escape($firstname_rhymes) . "', `lastname_confidence_score` = $lastname_confidence_score, `lastname_rhymes` = '" . $this->db->escape($lastname_rhymes) . "' WHERE `$primary_id` = $id;";
$result = $this->db->query($sql);
在姓氏的韵值周围有两个撇号
您在lastname_Rymes值周围有双撇号。因为您使用的是
$this->db->escape()
,所以您会自动在数据周围添加单引号
您只需要:
$sql = "UPDATE `$table_name`
SET `firstname_confidence_score` = $firstname_confidence_score,
`firstname_rhymes` = " . $this->db->escape($firstname_rhymes) . ",
`lastname_confidence_score` = $lastname_confidence_score,
`lastname_rhymes` = " . $this->db->escape($lastname_rhymes) .
"WHERE `$primary_id` = $id;";
您不需要在
$this->db->escape($firstname\u hylms)
周围加单引号。因为您使用的是$this->db->escape()
,所以您会自动在数据周围加单引号
您只需要:
$sql = "UPDATE `$table_name`
SET `firstname_confidence_score` = $firstname_confidence_score,
`firstname_rhymes` = " . $this->db->escape($firstname_rhymes) . ",
`lastname_confidence_score` = $lastname_confidence_score,
`lastname_rhymes` = " . $this->db->escape($lastname_rhymes) .
"WHERE `$primary_id` = $id;";
你不需要在
$this->db->escape($firstname\u-hylms)
周围加上单引号。不应该像这样把引号加倍。。您如何使用escape
?是否使用活动记录?您可以发布创建SQL语句的代码段吗?它不应该像那样将引号加倍。。您如何使用escape
?是否使用活动记录?您能发布创建SQL语句的代码片段吗?您的意思是:'O'Keeffe,O'Keefe'
?我看不到双重含义。你的意思是:'O'Keeffe,O'Keefe'
?我看不到双重的。是的,就是这样。字符串周围的单引号来自我之前使用$this->db->escape的早期版本的SQL。谢谢很乐意帮忙,你只需要多一双眼睛。祝你一切顺利!是的,成功了。字符串周围的单引号来自我之前使用$this->db->escape的早期版本的SQL。谢谢很乐意帮忙,你只需要多一双眼睛。祝你一切顺利!