一段网页脚本插入到mysql数据库的有关问题
一段网页脚本插入到mysql数据库的问题?
这样整个一段脚本插入到mysql中,提示错误:
You have an error in your sql syntax: check the manual that corresponds to Your MySql server version for the right syntax to use near ' desc, keyward title values('<script type="text/javascript">)
var _gaq = ' at line 1
这个问题改怎么解决?
------解决方案--------------------
插入代码是怎样的,字符串是在文件里,还是直接在cs文件里写的?
------解决方案--------------------
插入的时候生成的SQL 有语法错误 是<script type="text/javascript">这些标签的问题
插入的时候要把HTML特殊标签替换掉
- JScript code
<script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-22266712-1']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? ' https://ssl' : ' http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script>
这样整个一段脚本插入到mysql中,提示错误:
You have an error in your sql syntax: check the manual that corresponds to Your MySql server version for the right syntax to use near ' desc, keyward title values('<script type="text/javascript">)
var _gaq = ' at line 1
这个问题改怎么解决?
------解决方案--------------------
插入代码是怎样的,字符串是在文件里,还是直接在cs文件里写的?
------解决方案--------------------
插入的时候生成的SQL 有语法错误 是<script type="text/javascript">这些标签的问题
插入的时候要把HTML特殊标签替换掉
- C# code
/// <summary> /// 插入SQL时替换字符 /// </summary> /// <param name="str"></param> /// <returns></returns> public static string Encode(string str) { str = str.Replace("'", "''"); str = str.Replace("\"", """); str = str.Replace("<", "<"); str = str.Replace(">", ">"); str = str.Replace("\n", "<br>"); str = str.Replace("“", "“"); str = str.Replace("”", "”"); return str; } /// <summary> /// 取SQL值时还原字符 /// </summary> /// <param name="str"></param> /// <returns></returns> public static string Decode(string str) { str = str.Replace("”", "”"); str = str.Replace("“", "“"); str = str.Replace("<br>", "\n"); str = str.Replace(">", ">"); str = str.Replace("<", "<"); str = str.Replace(""", "\""); str = str.Replace("''", "'"); return str; }
------解决方案--------------------
脚本入库前处理一下:htmlspecialchars
------解决方案--------------------
------解决方案--------------------
是不是转义符造成的?
php.ini文件里的magic_quotes_gpc设成了off,那么PHP就不会在敏感字符前加上反斜杠(\)