开发者

How to escape a dot in mysql query?

问答 作者:

The values of the array $rf contain a dot:

  $rf = array(img34563.jpg , img34536.jpg);

  $query = "SELECT * FROM $appin_table WHERE img IN ( ".implode( ',' , $rf )."";
  $result = mysql_query($query)
  or die(mysql_error());

How could I escape the dot, is that possible?

Thanks in开发者_JAVA技巧 advance.

Escaping the dot alone won't help you; you'll end up with a query like that:

SELECT * FROM table WHERE img IN(img34563.jpg , img34536.jpg)

You'll have to apply quotes before:

function quote($k)
   {
      return '"' . mysql_real_escape_string($k) . '"';
   }

$values = array_map('quote', $rf);
$query = "SELECT * FROM $appin_table WHERE img IN ( ".implode( ',' , $values )."";

To avoid escaping, use a prepared statement:

$rf = array('img34563.jpg', 'img34536.jpg');

$db_connection = new mysqli("localhost", "user", "pass", "db");
$statement = $db_connection->prepare("SELECT * FROM $appin_table WHERE img IN (?,?)");
$statement->bind_param("ss", $rf[0], $rf[1]);
$statement->execute();

More info: http://www.php.net/manual/en/mysqli.prepare.php

继续阅读:arraysescaping

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9