使用PHP插入数据库时如何避免引号
问题描述:
我对PHP非常新,如果听起来像这么简单的问题...:)
I'm quite new to PHP so sorry if sounds such an easy problem... :)
当插入内容时,我有错误信息引用到我的数据库。
这是我试图逃避引号,但没有工作:
I'm having an error message when inserting content which contains quotes into my db. here's what I tried trying to escape the quotes but didn't work:
$con = mysql_connect("localhost","xxxx","xxxxx");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("test", $con);
$nowdate = date('d-m-Y')
$title = sprintf($_POST[title], mysql_real_escape_string($_POST[title]));
$body = sprintf($_POST[body], mysql_real_escape_string($_POST[body]));
$sql="INSERT INTO articles (title, body, date) VALUES ('$title','$body','$nowdate'),";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
header('Location: index.php');
您可以提供任何解决方案吗?
Could you provide any solution please?
提前感谢
Mauro
答
sprintf东西
$title = mysql_real_escape_string($_POST[title]);
$body = mysql_real_escape_string($_POST[body]);