从PHP中的API中删除单引号(')[重复]
问题描述:
This question already has an answer here:
- How can I prevent SQL injection in PHP? 28 answers
I JSON decode a page with PHP, but sometimes there's a name like 'M'gladbach' or 'Côte d'Ivoire' and then the SQL sees the first single quote as a stop so it gives me the error after the 'Côte d' Can somebody help me with this problem ? I know you can do 'Côte d''Ivoire' but as I get all the info from a API I can't put double quotes in it. Thanks a lot.
</div>
此问题已经存在 这里有一个答案: p>
-
如何在PHP中阻止SQL注入?
28 answers
span>
li>
ul>
div>
I JSON使用PHP解码页面,但有时会有一个名称,如' M'gladbach'或'Côted'Ivoire'然后SQL看到第一个单引号作为停止因此它在'Côted'之后给我错误可以有人帮我解决这个问题吗? 我知道你可以做' Côted''Ivoire'但是当我从API中获取所有信息时,我不能在其中加入双引号。 非常感谢。 p> div>
答
The proper way to do it is
$item = "Côte d'Ivoire";
$escaped_item = mysqli_escape_string($item);
printf("Protected string : %s
", $escaped_item);
Now it is safe to put e.g. in a database.
答
use double quotes
"M'gladbach"