在php中插入带有特殊字符的查询
这是我的密码在php中插入带有特殊字符的查询,php,Php,这是我的密码 <?php $con = mysql_connect('localhost','test','test'); mysql_select_db('test',$con); require_once("xml2json.php"); $testXmlFile = 'mytest.xml'; $xmlStringContents = file_get_contents($testXmlFile); $jsonContents = ""; $jsonConten
<?php
$con = mysql_connect('localhost','test','test');
mysql_select_db('test',$con);
require_once("xml2json.php");
$testXmlFile = 'mytest.xml';
$xmlStringContents = file_get_contents($testXmlFile);
$jsonContents = "";
$jsonContents = xml2json::transformXmlStringToJson($xmlStringContents);
$obj =json_decode($jsonContents);
$rows = array();
foreach($obj->rss->channel->item as $item) {
echo $item->title."\n";
echo $item->description."\n";
$rows[] = "('".mysql_real_escape_string($item->title)."','".mysql_real_escape_string($item->description)."')";
}
$del_horoscope = "delete from jos_horoscope";
mysql_query($del_horoscope);
$query = mysql_real_escape_string("INSERT INTO `jos_horoscope` (`title`,`description`) VALUES ".implode(', ',$rows));
mysql_query($query);
if (!mysql_query($query)) echo 'Oh no! Something went wrong with the query: '.mysql_error();
?>
What's special today for you
Your birth on the 25th day of the month (7 energy) modifies
your life path by giving you some special interest in technical,
scientific, or other complex and often hard to understand subjects.
You may become something of a perfectionist and a stickler for
details. Your thinking is logical and intuitive, rational and responsible.
Your feelings may run deep, but you are not very likely to let them
show. This birthday makes you a more private person, more
introspective and perhaps more inflexible.
Aries Horoscope for Thursday, April 25, 2013
Although most of us when we make a decision we don`t have to worry what it will impact for the world we live in, but when you make a decision we have to remember that it does impact our society in so many ways. Our choice has to be an ethical one, regardless of the outcome. Your emotions are brought into more conscious focus these few days. You may find that you can more easily communicate your feelings at this time.
请帮助我。您多次逃避查询,以下是正确的方法:
foreach($obj->rss->channel->item as $item) {
$rows[] = "('".mysql_real_escape_string($item->title)."','".mysql_real_escape_string($item->description)."')";
}
$query = "INSERT INTO `jos_horoscope` (`title`,`description`) VALUES ".implode(', ',$rows);
mysql_query($query);
首先,您不想转义实际的插入字符串。只是要插入的值
$query = mysql_real_escape_string("INSERT INTO `jos_horoscope` (`title`,`description`) VALUES ".implode(', ',$rows));
foreachforeach$rows[]foreach($obj->rss->channel->item as $item) {
echo $item->title."\n";
echo $item->description."\n";
$title = mysql_real_escape_string($item->title);
$description = mysql_real_escape_string($item->description);
$query = "INSERT INTO `jos_horoscope` (`title`,`description`) VALUES ('$title', '$description')";
mysql_query($query);
}
然后我真的不确定删除查询的目的是什么。现在是2013年,人们还没有花时间阅读有关XSS和SQL注入的内容…@pocesar请指导我。。。我在代码中做了哪些改进..@user2320808 mysql_*函数被去除了。这并不是说它解决了您的问题,而是在phpp中正确地更正您的查询将是一个良好的开端。如果您决定切换到prepared语句,请看一看哪种方法也能解决您的问题。@Ibu我的服务器不支持mysqli。这就是我使用mysql的原因。下面您给出的improvemnet代码仍然给了我同样的问题。。请推荐一个新的。关于“[…]在foreach多次运行时格式不正确”:MySQL允许使用一个查询插入多行。@mbsurfer我试过你的代码,它可以工作,但只插入最后的标题和说明,而不是全部。请帮助解释为什么没有插入我的所有值。@请和是,我只能插入最后一个标题和说明。我可以在哪里更改代码以使其成为多个条目。
$query=“插入'jos_horoscope'('title','description','value1','value2','etc`)值('title','$description','value1','value2','etc')从所有答案来看,这是正确的答案,无论使用的是不推荐使用的函数。@user2320808从您显示的错误中,看起来您仍在多次转义。你们有魔术的报价吗?尝试禁用它。抱歉,我忘记从插入查询中删除转义。现在它成功了!!谢谢:D
foreach($obj->rss->channel->item as $item) {
echo $item->title."\n";
echo $item->description."\n";
$title = mysql_real_escape_string($item->title);
$description = mysql_real_escape_string($item->description);
$query = "INSERT INTO `jos_horoscope` (`title`,`description`) VALUES ('$title', '$description')";
mysql_query($query);
}