insert into product ( p_name,p_class,p_model,p_speca,p_specb,p_specc,p_specd,p_spece,p_specf,p_specg,p_spech,p_speci,p_specj,p_speck,re_,in_time, title,pic ) values ( '2222','3333333','点地方','','','fdfd','','','','','','','','',' "1. Energy saving: 70% energy than common fluorescent lamp; 2. The green environmental protection: LED tube no ultraviolet, such as infrared no radiation and contains no mercury and other harmful substances; 3. Long life: LED tube normal use for 50000 hours; 4. No stroboscopic: LED constant current work, effectively reduce LED light failure, start fast, no flash, protect eyes; 5. Reduce mosquito: different from other light source ultraviolet attract a mosquito, LED don't produce ultraviolet light, make the ring 6. Its become more clean and comfortable; 7. Color is rich: make full use of the advantage of rich color LED production various emitting light colors tubes; 8. Use chip Epistar from taiwan , luminous efficiency is the highest; 9. Shell with 1/2 aluminium, 1/2 PC material, circuit boards use high strength fiber board, combined with compact structure and assembly process, so that only the tube heat sex greatly improved, ensure that LED work in low temperature and try to minimize the LED light failure; 10.The application places: office buildings,factories,shopping malls, schools, public, indoor lighting and colour, such as home decoration and through the CE and ROHS the authentication. " ','2012-07-18 05:09:37', '特殊他','upfiles/CR-Jjbu6NnheF.JPG' )
观察红色部分结束的地方 LED don't ,很显然那个“'”么有做转义处理
既然你没有遵守 SQL 指令的书写约定,那么只有自己品尝违规的后果了
“转义字符就是让这个字符当自己,而不当其功能使用”,查了之后,才发现这样做的必要性:可以防止SQL注入攻击。能否帮忙指点一下,就我上面这段数据,如何做转义处理才算遵守SQL的书写规定?
insert into product ( p_name,p_class,p_model,p_speca,p_specb,p_specc,p_specd,p_spece,p_specf,p_specg,p_spech,p_speci,p_specj,p_speck,re_,in_time, title,pic ) values ( '2222','3333333','点地方','','','fdfd','','','','','','','','',' "1. Energy saving: 70% energy than common fluorescent lamp; 2. The green environmental protection: LED tube no ultraviolet, such as infrared no radiation and contains no mercury and other harmful substances; 3. Long life: LED tube normal use for 50000 hours; 4. No stroboscopic: LED constant current work, effectively reduce LED light failure, start fast, no flash, protect eyes; 5. Reduce mosquito: different from other light source ultraviolet attract a mosquito, LED don't produce ultraviolet light, make the ring 6. Its become more clean and comfortable; 7. Color is rich: make full use of the advantage of rich color LED production various emitting light colors tubes; 8. Use chip Epistar from taiwan , luminous efficiency is the highest; 9. Shell with 1/2 aluminium, 1/2 PC material, circuit boards use high strength fiber board, combined with compact structure and assembly process, so that only the tube heat sex greatly improved, ensure that LED work in low temperature and try to minimize the LED light failure; 10.The application places: office buildings,factories,shopping malls, schools, public, indoor lighting and colour, such as home decoration and through the CE and ROHS the authentication. " ','2012-07-18 05:09:37', '特殊他','upfiles/CR-Jjbu6NnheF.JPG' )
不要在数据插入的同时使用nl2br函数进行换行处理。我们应该遵循如下步骤:1、插入数据前使用htmlspecialchar函数进行转义【同时必须使用mysql_real_escape_string函数转义单引号和双引号】2、读取数据时使用nl2br函数处理换行或者1、插入数居前不做任何处理【但是必须使用mysql_real_escape_string函数转义单引号和双引号】2、读取数据时使用nl2br(htmlspecialchars($str))转义数据并且处理换行