


Now when I submit the character ' I get the error listed below; other than that, everything is okay when I submit words. I am using htmlentities() and I still get this error.


How can I prevent this error from happening? Is there a way I can allow or convert or stop the character ' from displaying as an error?


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''')'



You need to escape the strings you are sending in your SQL queries.


For that, you can use the mysql_real_escape_string function.


For instance, your code might look like this (not tested, but something like this should do the trick):

$str = "abcd'efh";
$sql_query = "insert into my_table (my_field) values ('"
  . mysql_real_escape_string($str)
  . "')";
$result = mysql_query($sql_query);


Another solution (will require more work, though, as you'll have to change more code) would be to use prepared statements; either with mysqli_* or PDO -- but not possible with the old mysql_* extension.


Edit: if this doesn't work, can you edit your question to give us more information? Like the piece of code that causes the error?


08-31 06:35
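The prepared-statement approach mentioned in the answer above, as an added example that is not part of the original answer. It uses PDO with an in-memory SQLite database (an assumption, so it runs without a MySQL server); the table and column names follow the answer's snippet, and insert_field is a hypothetical helper.

```php
<?php
// Added example. The SQLite DSN is an assumption so the script runs offline;
// for MySQL, pass a "mysql:host=...;dbname=...;charset=utf8mb4" DSN instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE my_table (id INTEGER PRIMARY KEY, my_field TEXT)');

// Hypothetical helper: inserts one value and returns the new row id.
function insert_field(PDO $pdo, string $value): int
{
    // The ? placeholder keeps the value out of the SQL text entirely,
    // so a quote in $value can never terminate the string literal.
    $stmt = $pdo->prepare('INSERT INTO my_table (my_field) VALUES (?)');
    $stmt->execute([$value]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: reads the stored value back by id.
function fetch_field(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT my_field FROM my_table WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

// Constructed sample inputs, including the lone quote from the question.
$samples = ["abcd'efh", "'", "it's a \"quoted\" value"];

foreach ($samples as $input) {
    $id = insert_field($pdo, $input);
    $stored = fetch_field($pdo, $id);

    // The database holds the raw value: no backslashes, no HTML entities.
    if ($stored !== $input) {
        throw new RuntimeException('Round trip changed the value');
    }

    // HTML encoding belongs at output time, when the value goes into a page.
    echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

HTML encoding and SQL quoting solve different problems, which is why calling htmlentities() before the INSERT does not stop the syntax error: the query needs a bound parameter (or SQL escaping), and the page output needs HTML encoding.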