mysql真正转义包含对象的数组？

问题描述：

I have an array that I need to sanitize before putting it in a cell on a mysql database. The code i'm trying seems to work. But as soon as there are characters like ' it throws errors and thats not good. Here's what i've tried, any ideas whats wrong?

 function submitLogDb($array,$id,$title)
       {
            function mysql_real_escape_array($var) 
            {
                foreach($var as $line)
                {
                mysql_real_escape_string($line['msg']);
                }

              return $var;
            }


            $title=mysql_real_escape_string($title);

            $array=mysql_real_escape_array($array);

            return mysql_query("INSERT INTO logs (text,id,title) VALUES ('".serialize($array)."','$id','$title')");


       }

EDIT: Just incase it helps, heres what some of the objects might look like in the array:

[1] 
  icon = ""
  msg = "this is a test"
  name = "Them: "
  systemMsg = 0
[2]
  icon = ""
  msg = "yep it sure is"
  name = "You: "
  systemMsg = 0

我有一个数组，我需要在将它放入mysql数据库的单元格之前进行清理。我正在尝试的代码似乎工作。但是，只要有像'它会抛出错误而且不好的字符。这是我尝试过的，任何想法都错了吗？ p>

  function submitLogDb（$ array，$ id，$ title）
 {
 function mysql_real_escape_array（$ var）\  n {
 foreach（$ var as $ line）
 {
 mysql_real_escape_string（$ line ['msg']）; 
} 
 
返回$ var; 
} 
 
 
 $ title  = mysql_real_escape_string（$ title）; 
 
 $ array = mysql_real_escape_array（$ array）; 
 
返回mysql_query（“INSERT INTO logs（text，id，title）VALUES（'”。serialize（$ array）。“  '，'$ id'，'$ title'）“）; 
 
 
} 
  code>  pre> 
 
 编辑：
只是有帮助，继承人 对象可能看起来像在数组中： p> 
 
 
  [1] 
 icon =“”
 msg =“这是一个测试”
 name =“他们：  “
 systemMsg = 0 
 [2] 
 icon =”“
 msg =”是的，确定是“
 name =”你：“
 systemMsg = 0 
  code>  pre>  
  div>

答

mysql_real_escape_string the output of serialization of the array.

$data_to_insert = mysql_real_escape_string(serialize($array));

mysql真正转义包含对象的数组？

相关推荐