Php Can';不能让mysql查询使用双qoute或单qoute
我绞尽脑汁想让这几行代码正常工作,但没有成功……如果有人能指出编写此类查询的最佳实践是什么,那就太好了Php Can';不能让mysql查询使用双qoute或单qoute,php,mysql,Php,Mysql,我绞尽脑汁想让这几行代码正常工作,但没有成功……如果有人能指出编写此类查询的最佳实践是什么,那就太好了 if(isset($_POST) && $_POST["id"] > 0) { include('../../config.php'); $id = $_POST["id"]; $title = mysql_real_escape_string($_POST["title"]); $desc = mysql_rea
if(isset($_POST) && $_POST["id"] > 0)
{
include('../../config.php');
$id = $_POST["id"];
$title = mysql_real_escape_string($_POST["title"]);
$desc = mysql_real_escape_string($_POST["desc"]);
$cat = $_POST["catid"];
$_DB->Execute("UPDATE gallery_imgs SET title = `$title`, description = `$desc` WHERE id = $id");
header("location: admin.php?mode=images&id=$cat");
}
else
{
//Other stuff!
}
Error number: 1054
Error : Unknown column 'The SIEK!' in 'field list'
首先,您对字符串值调用了
mysql\u real\u escape\u string()$\u POST['id']// invalid string values will convert to integer 0
// If that is not allowable, you should not proceed with the query.
$id = intval($_POST['id']);
$\u POST['catid']// At least cast it to an int if it is an invalid string....
$catid = intval($_POST['catid']);
首先,您对字符串值调用了
mysql\u real\u escape\u string()$\u POST['id']// invalid string values will convert to integer 0
// If that is not allowable, you should not proceed with the query.
$id = intval($_POST['id']);
$\u POST['catid']// At least cast it to an int if it is an invalid string....
$catid = intval($_POST['catid']);
这些不是你在那里使用的单引号。勾号`表示列名。这里使用的不是单引号。勾号`表示列名。MySQL使用单引号包装字符串。像这样:‘
$_DB->Execute("UPDATE gallery_imgs SET title = '$title', description = '$desc' WHERE id = $id");
提示:要获得更健壮、更安全的MySQL解决方案,您应该看看PHP PDO MySQL使用单引号包装字符串。像这样:‘
$_DB->Execute("UPDATE gallery_imgs SET title = '$title', description = '$desc' WHERE id = $id");
提示:要获得更健壮、更安全的MySQL解决方案,您应该看看PHP PDO 如果$title是“
现在不要看!mysql\u escape\u string()mysql\u real\u escape\u string()现在不要看!mysql\u escape\u string()mysql\u real\u escape\u string()