但係我果行字有 ' 呢個符號
咁可以點做???
因為我句sql 係 UPDATE staff SET address = 'xxxx'
而address入面有會入到 ' 呢個符號, 個databse就以後我完左個value...
之後就update唔到句野...
有咩方法可以 avoid 呢
更新1:
我用php寫gei
SQL statement
2010-05-09 12:51 am
如果我想insert or update一個field 入sql~
但係我果行字有 ' 呢個符號
咁可以點做???
因為我句sql 係 UPDATE staff SET address = 'xxxx'
而address入面有會入到 ' 呢個符號, 個databse就以後我完左個value...
之後就update唔到句野...
有咩方法可以 avoid 呢
但係我果行字有 ' 呢個符號
咁可以點做???
因為我句sql 係 UPDATE staff SET address = 'xxxx'
而address入面有會入到 ' 呢個符號, 個databse就以後我完左個value...
之後就update唔到句野...
有咩方法可以 avoid 呢
回答 (3)
2010-05-09 5:27 am
✔ 最佳答案
係SQL STATEMENT入面可以用 \ 放係個 ' 的前面~咁就會比你入好似 insert xxx values( '\'dasd', 'zzz','zzz')
就可以比你入到~
唔太記得係 / 定係 \ ~自己試下~
參考: 自己
2010-05-09 6:22 pm
正如其他人所言,方法就係將特殊嘅字加反斜線去Escape佢哋
如果用PHP,有幾個Function可以幫你將啲Input escape
string addslashes (string $str)
將「'」、「"」、「\」同NULL加上反斜線
mixed filter_var
(mixed $variable [, int $filter =
FILTER_DEFAULT [, mixed $options]])
mixed filter_input (int $type, string $variable_name [, int $filter = FILTER_DEFAULT [, mixed $options]])
mixed filter_var_array
(array $data [, array $definition])
mixed filter_input_array
(int $type [, array $definition])
Apply filter落一個 / 一組variable / input,呢個case filter可以係FILTER_SANITIZE_MAGIC_QUOTES,詳細請睇PHP manual - Data Filtering
string mysql_real_escape_string (string $unescaped_string[, resource $link_identifier])
MySQL嘅Escape function,更加被建議喺Query之前用
如果用PHP,有幾個Function可以幫你將啲Input escape
string addslashes (string $str)
將「'」、「"」、「\」同NULL加上反斜線
mixed filter_var
(mixed $variable [, int $filter =
FILTER_DEFAULT [, mixed $options]])
mixed filter_input (int $type, string $variable_name [, int $filter = FILTER_DEFAULT [, mixed $options]])
mixed filter_var_array
(array $data [, array $definition])
mixed filter_input_array
(int $type [, array $definition])
Apply filter落一個 / 一組variable / input,呢個case filter可以係FILTER_SANITIZE_MAGIC_QUOTES,詳細請睇PHP manual - Data Filtering
string mysql_real_escape_string (string $unescaped_string[, resource $link_identifier])
MySQL嘅Escape function,更加被建議喺Query之前用
2010-05-09 8:05 am
係用兩個 ' 符號
Smith's Grocery 寫成 Smith''s Grocery
UPDATE vendor SET name = 'Smith''s Grocery'
2010-05-09 00:11:17 補充:
ANSI standards specify that using the backslash character (\) to escape single (' ') or double (" ") quotation marks is illegal.
Smith's Grocery 寫成 Smith''s Grocery
UPDATE vendor SET name = 'Smith''s Grocery'
2010-05-09 00:11:17 補充:
ANSI standards specify that using the backslash character (\) to escape single (' ') or double (" ") quotation marks is illegal.
收錄日期: 2021-04-25 20:34:28
原文連結 [永久失效]:
https://hk.answers.yahoo.com/question/index?qid=20100508000051KK00952