But execute commands in mysql
Mysql> select * from SC where title = "my 'name ";
Or
Mysql> select * from SC where title = "my \ 'name ";
This data item can be queried. Why does it return null when executed on the php script page?
Also, the filter functions include strip_tags and htmlspespecialchars, which are used to filter out html, php code, and escape html code to ensure data security. Do I need to use these three functions?
I use the addslashes function to filter the data "my 'name" sent by the user through post, and then store the data in mysql.
However, when I execute
$ Conn = new mysqli ('2017. 0.0.1 ', 'root', '', 'book _ SC ');
$ Re = $ conn-> query ("select * from SC where title = '". "my 'name "."'");
Var_dump ($ re-> num_rows); // the return value is NULL.
But execute commands in mysql
Mysql> select * from SC where title = "my 'name ";
Or
Mysql> select * from SC where title = "my \ 'name ";
This data item can be queried. Why does it return null when executed on the php script page?
Also, the filter functions include strip_tags and htmlspespecialchars, which are used to filter out html, php code, and escape html code to ensure data security. Do I need to use these three functions?
I'm wondering if you want to execute$re = $conn->query("select * from sc where title='"."my'name"."'");
Why is there no error? Obviously, this SQL statement is incorrect.
This should be the case$conn->query("select * from sc where title='my\'name'")
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
