我在这里尝试从 textarea 中将值从 php 插入到 mysql 数据库中。
<textarea cols="43" rows="5" class="reject-textarea" name="reject_reason"></textarea>
这里 $reject_for = $_GET['reject_reason'];
是我从 html 表单的文本区域中获取的值。
当我键入 This product does't suit for our requirement
时出现错误,
错误:更新记录时出错:您的 SQL 语法有误;检查与您的 MySQL 服务器版本对应的手册,了解在第 1 行的“nt suit for requirement”)'附近使用的正确语法
但是当我键入 This product does not suit for our requirement
时,我没有收到任何错误。
我认为 This product does't suit for our requirement
中的“'
”有问题
我该如何解决:
<?php
require_once('configuration.php');
$product_id = $_GET['product_id'];
$reject_for = $_GET['reject_reason'];
if (isset($product_id,$reject_for)){
rejectProduct($product_id,$reject_for);
} else {
echo "Are you trying to do something nasty??";
}
function rejectProduct($product_id,$reject_for)
{
$conn = new mysqli(db_host, db_user, db_password, db_name);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO rejected_products(product_id,reason_to_reject) VALUES ($product_id,'$reject_for')";
$result = $conn->query($sql);
if ($conn->query($sql) === TRUE) {
updateProduct($product_id);
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
}
?>
最佳答案
像使用mysqli_real_escape_string
$reject_for = mysqli_real_escape_string($_GET['reject_reason']);
或者更好的是你应该使用 prepared statements
.
关于php - Mysql Error updating record syntax to use near 't suit to the product which is described above' )' 在第 1 行,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32817021/