Replace them before storing into the database. Here are some of the replacements:
function safe_convert($d) {
    // The replacement targets were HTML entities that got decoded during extraction,
    // which turned every call into a no-op; they are restored here as entities
    // (assumed reconstruction: the aim was to neutralise quotes, tags, pipes and whitespace).
    $d = str_replace("'", "&#39;", $d);   // single quote -> entity
    $d = str_replace("\t", "", $d);       // drop tab characters
    $d = str_replace("<", "&lt;", $d);    // angle brackets -> entities
    $d = str_replace(">", "&gt;", $d);
    $d = str_replace("|", "I", $d);       // pipe -> capital I
    $d = str_replace(" ", "&nbsp;", $d);  // space -> non-breaking space entity
    return $d;
}
Before storing into the database, run the string through safe_convert($d) to replace the characters in it that could cause problems.
insert into send (data) values('what''s matter with the system');
insert into send (data) values("what's matter with the system");
// Third form, passing the value separately; made runnable here as a mysqli prepared
// statement ($mysqli is assumed to be an already-open mysqli connection).
$value = "what's matter with the system";
$stmt = $mysqli->prepare("insert into send (data) values(?)");
$stmt->bind_param("s", $value);
$stmt->execute();
The correct approach is to use MySQL's escape rules:
use \ or a repeated quote,
or simply wrap the string in a different kind of quote.
insert into send (data)values('what\'s matter with the system')
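The three forms the thread compares, as an added example that is not code from any of the replies: Python against an in-memory sqlite database standing in for MySQL (sqlite accepts the doubled-quote literal and bound parameters, but not MySQL's backslash escape, which is therefore only built as a string here). The sample text and the function names are my own.

```python
import sqlite3

# Constructed sample text, the same string the thread's INSERT examples use.
SAMPLE = "what's matter with the system"


def quote_literal(value: str) -> str:
    """Standard-SQL string literal: wrap in single quotes and double any
    embedded single quote (the '' form shown in the thread)."""
    return "'" + value.replace("'", "''") + "'"


def mysql_backslash_literal(value: str) -> str:
    """MySQL's backslash form (\\') from the last reply. Only built as a
    string here; sqlite does not accept this escape, so it is not executed."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def fresh_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("create table send (data text)")
    return conn


def naive_insert_fails(value: str) -> bool:
    """Pasting the raw value between quotes, as the question does: the quote
    inside the text ends the literal early and the statement is rejected."""
    conn = fresh_db()
    try:
        conn.execute("insert into send (data) values('" + value + "')")
    except sqlite3.OperationalError:
        return True
    return False


def round_trip(value: str) -> list:
    """Insert the value twice, once as a doubled-quote literal and once as a
    bound parameter, then read both rows back unchanged."""
    conn = fresh_db()
    conn.execute("insert into send (data) values(" + quote_literal(value) + ")")
    conn.execute("insert into send (data) values(?)", (value,))
    return [row[0] for row in conn.execute("select data from send")]


if __name__ == "__main__":
    print(naive_insert_fails(SAMPLE))  # True
    print(round_trip(SAMPLE))
```

The bound-parameter form is the one to prefer in application code: the driver keeps the value out of the SQL text entirely, so no quoting rule of the target database has to be reproduced by hand.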