mysql真正转义包含对象的数组?
问题描述:
I have an array that I need to sanitize before putting it in a cell on a mysql database. The code i'm trying seems to work. But as soon as there are characters like ' it throws errors and thats not good. Here's what i've tried, any ideas whats wrong?
function submitLogDb($array,$id,$title)
{
function mysql_real_escape_array($var)
{
foreach($var as $line)
{
mysql_real_escape_string($line['msg']);
}
return $var;
}
$title=mysql_real_escape_string($title);
$array=mysql_real_escape_array($array);
return mysql_query("INSERT INTO logs (text,id,title) VALUES ('".serialize($array)."','$id','$title')");
}
EDIT: Just incase it helps, heres what some of the objects might look like in the array:
[1]
icon = ""
msg = "this is a test"
name = "Them: "
systemMsg = 0
[2]
icon = ""
msg = "yep it sure is"
name = "You: "
systemMsg = 0
我有一个数组,我需要在将它放入mysql数据库的单元格之前进行清理。 我正在尝试的代码似乎工作。 但是,只要有像'它会抛出错误而且不好的字符。 这是我尝试过的,任何想法都错了吗? p>
function submitLogDb($ array,$ id,$ title)
{
function mysql_real_escape_array($ var)\ n {
foreach($ var as $ line)
{
mysql_real_escape_string($ line ['msg']);
}
返回$ var;
}
$ title = mysql_real_escape_string($ title);
$ array = mysql_real_escape_array($ array);
返回mysql_query(“INSERT INTO logs(text,id,title)VALUES('”。serialize($ array)。“ ','$ id','$ title')“);
}
code> pre>
编辑:
只是有帮助,继承人 对象可能看起来像在数组中: p>
[1]
icon =“”
msg =“这是一个测试”
name =“他们: “
systemMsg = 0
[2]
icon =”“
msg =”是的,确定是“
name =”你:“
systemMsg = 0
code> pre>
div>
答
mysql_real_escape_string
the output of serialization of the array.
$data_to_insert = mysql_real_escape_string(serialize($array));