无法获得mysql查询使用双或单qoute [复制](Can't get mysql query to work with double or single qoute [duplicate])
这个问题在这里已经有了答案:
何时使用单引号,双引号和MySQL 11回答我正在摸索着让这些代码行起作用,但没有成功......如果有人能指出编写这样的查询的最佳做法是什么,那该多好啊?
if(isset($_POST) && $_POST["id"] > 0) { include('../../config.php'); $id = $_POST["id"]; $title = mysql_real_escape_string($_POST["title"]); $desc = mysql_real_escape_string($_POST["desc"]); $cat = $_POST["catid"]; $_DB->Execute("UPDATE gallery_imgs SET title = `$title`, description = `$desc` WHERE id = $id"); header("location: admin.php?mode=images&id=$cat"); } else { //Other stuff! }这是我得到的错误:
Error number: 1054 Error : Unknown column 'The SIEK!' in 'field list'This question already has an answer here:
When to use single quotes, double quotes, and backticks in MySQL 12 answersI am scratching my head to make this lines of code to work, but no success...Would be nice if someone can point out what is the best practice to write such queries?
if(isset($_POST) && $_POST["id"] > 0) { include('../../config.php'); $id = $_POST["id"]; $title = mysql_real_escape_string($_POST["title"]); $desc = mysql_real_escape_string($_POST["desc"]); $cat = $_POST["catid"]; $_DB->Execute("UPDATE gallery_imgs SET title = `$title`, description = `$desc` WHERE id = $id"); header("location: admin.php?mode=images&id=$cat"); } else { //Other stuff! }This is the error I get:
Error number: 1054 Error : Unknown column 'The SIEK!' in 'field list'最满意答案
首先,你已经对字符串值调用了mysql_real_escape_string() ,但是你还必须验证$_POST['id'] 。
// invalid string values will convert to integer 0 // If that is not allowable, you should not proceed with the query. $id = intval($_POST['id']);输入字符串必须用单引号括起来,而不是反引号(用于列和表标识符);
$_DB->Execute("UPDATE gallery_imgs SET title = '$title', description = '$desc' WHERE id = $id");另外,在使用重定向头文件之前,您应该验证$_POST['catid']的内容。 例如,如果它应该是数字:
// At least cast it to an int if it is an invalid string.... $catid = intval($_POST['catid']);First, you have called mysql_real_escape_string() on the string values, but you must also validate the contents of $_POST['id'].
// invalid string values will convert to integer 0 // If that is not allowable, you should not proceed with the query. $id = intval($_POST['id']);Input strings must be enclosed in single quotes, not backquotes (which are used for column and table identifiers);
$_DB->Execute("UPDATE gallery_imgs SET title = '$title', description = '$desc' WHERE id = $id");As an aside, you should validate the contents of $_POST['catid'] before using it in a redirection header. For example, if it is supposed to be numeric:
// At least cast it to an int if it is an invalid string.... $catid = intval($_POST['catid']);#感谢您对电脑配置推荐网 - 最新i3 i5 i7组装电脑配置单推荐报价格的认可,转载请说明来源于"电脑配置推荐网 - 最新i3 i5 i7组装电脑配置单推荐报价格
上一篇:获得一组拉斐尔物体的BBox?(Get BBox of a GROUP of Raphael objects?)
下一篇:从android发送文件到Dropbox(Sending file to dropbox from android)
推荐阅读
| 留言与评论(共有 6 条评论) |
| 本站网友 刘功臣 | 10分钟前 发表 |
| you should validate the contents of $_POST['catid'] before using it in a redirection header. For example | |
| 本站网友 第五大道吧 | 24分钟前 发表 |
| admin.php?mode=images&id=$cat"); } else { //Other stuff! } This is the error I get | |
| 本站网友 张文友 | 2分钟前 发表 |
| 但没有成功......如果有人能指出编写这样的查询的最佳做法是什么 | |
| 本站网友 马钢集团 | 23分钟前 发表 |
| 那该多好啊? if(isset($_POST) && $_POST["id"] > 0) { include('../../config.php'); $id = $_POST["id"]; $title = mysql_real_escape_string($_POST["title"]); $desc = mysql_real_escape_string($_POST["desc"]); $cat = $_POST["catid"]; $_DB->Execute("UPDATE gallery_imgs SET title = `$title` | |
| 本站网友 非洲牛郎门 | 9分钟前 发表 |
| description = '$desc' WHERE id = $id"); As an aside | |