Mysql problems "select * from databases where 'name' = 'my name '"
An error occurs when my name is changed to I'm xiao. how can this problem be solved ????
"Select * from databases where 'name' = 'I'm xiao '"
Reply to discussion (solution)
1. "select * from databases where 'name' = 'my name '"
The field name is ', the symbol below ESC, not single quotes
2. I'm xiao has single quotation marks, so the single quotation marks in 'I'm xiao' will cause confusion.
Escape
Addslashes -- use a backslash to reference a string
Mysql_real_escape_string -- escape special characters in strings used in SQL statements and take into account the connected current character set
Use escape.
Addslashes first processes variables
Mysql_real_escape_string is directly used in SQL
Use escape characters to carefully check the code.
I cannot understand how to write
It is to add the \ symbol to escape with a special character.
It is to add the \ symbol to escape with a special character.
Positive solution on the second floor ~~~ Escape and OK ..
Your current SQL is easy to inject
Need to escape. addslash or mysql_real_escape_string
Try using escape!