問題描述

好的，所以我更新數據庫表的代碼具有以下不同的風格:

Alright, so my code to update my database tables is varying flavours of the following:

$query = "
  insert into Comment 
    (Comment, CommentDate, Rating, UserRid) 
  values 
    (:comment, now(), 0, :userrid )" ;

try {           
  $db_conn = new PDO('mysql:host='.$db_server.';dbname='.$db_name, $db_username, $db_password );

  $db_conn->beginTransaction();
  $prep = $db_conn->prepare($query);
  $prep->bindParam(':comment', $comment, PDO::PARAM_STR, 500);
  $prep->bindParam(':userrid', $userrid, PDO::PARAM_INT, 20);
  $prep->execute();

  $db_conn->commit();
} catch (PDOException $e)  {
  $db_conn.rollBack();
  echo "Error!: " . $e->getMessage() . "<br/>";
  die();
}

在上面，評論來自另一個頁面的帖子.正在通過函數調用正確設置用戶 ID.一切正常，除了斜線被添加到表格中.

In the above, comment comes in via Post from another page. Userrid is being set properly via a function call. Everything works properly, except the slashes get added to the table.

我讀過的所有內容都說，為了在有人輸入撇號時避免使用斜杠，我應該使用參數化查詢.如果我沒記錯的話，我很確定這就是我正在做的.我錯過了什么嗎?有人可以讓我知道我做錯了什么嗎?

Everything I've read says that in order to get around having slashes whenever someone types in an apostrophe that I should be using parameterized queries. If I'm not mistaken, I'm pretty sure that's what I'm doing. Am I missing something? Can anybody let me know what I'm not doing right?

提前致謝，邁克爾

推薦答案

可能你已經magic_quotes_gpc() 開啟，你需要做這樣的事情:

Probably ou've magic_quotes_gpc() turned on, you need to do something like this:

if (get_magic_quotes_gpc() == true)
{
    $comment = stripslashes($comment);
    $userrid = stripslashes($userrid);
}

如果您使用的是 PHP 5.3+，您可以通過將以下代碼行放在文件頂部來擺脫所有魔術引用的變量:

If you're using PHP 5.3+ you can get rid of all magic quoted variables by placing the following lines of code on the top of your file:

if (get_magic_quotes_gpc() === 1)
{
    $_GET = json_decode(stripslashes(json_encode($_GET, JSON_HEX_APOS)), true);
    $_POST = json_decode(stripslashes(json_encode($_POST, JSON_HEX_APOS)), true);
    $_COOKIE = json_decode(stripslashes(json_encode($_COOKIE, JSON_HEX_APOS)), true);
    $_REQUEST = json_decode(stripslashes(json_encode($_REQUEST, JSON_HEX_APOS)), true);
}

如果您運行的是較低版本的 PHP，您應該采取看看這個頁面.

If you're running a lower version of PHP you should take a look at this page.

這篇關于MySQL 表中的斜線，但使用 PDO 和參數化查詢.這是怎么回事?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！