hii 有 php 代码将带有图像的文本插入到我的 sql 数据库中,所以问题是当我插入带有 ' 符号的文本时它不会插入,然后当我插入不带 ' 符号的文本时它工作正常 这是我的代码我该如何解决这个问题
<?php
session_start();
if ((isset($_SESSION['admin'])))
{
require_once("../dbconfig.php");
?>
<form method="post" name="data_table" enctype="multipart/form-data">
<?php
error_reporting(0);
if(isset($_POST['add2'])){
include_once '../dbconfig.php';
$username=$_SESSION["admin"];
$subject=$_POST['subject'];
$description=$_POST['description'];
$image = rand(1000,100000)."-".$_FILES['image']['name'];
if(!isset($image))
echo"Please Upload Image";
else{
$file_loc = $_FILES['image']['tmp_name'];
$file_size = $_FILES['image']['size'];
$file_type = $_FILES['image']['type'];
$folder="uploads-about/";
$new_size = $file_size/1024;
$new_file_name = strtolower($image);
$final_image=str_replace(' ','-',$new_file_name);
if(move_uploaded_file($file_loc,$folder.$final_image))
{
$sql="INSERT INTO about (subject,description,image)
VALUES ('$subject','$description','$final_image')";
$result=mysql_query($sql);
if($result)
{
echo "<font size='5px'><div align='center'>Successful</div></font>";
}else
{
echo "<font size='5px'><div align='center'>errror</div></font>";
} }
else{
echo "<font size='5px'><div align='center'>Select image to upload</div></font>";
}
}
mysql_close();
}
?>
<div align="center">
<br>
<label for="Username">Subject: </label>         
<input type="text" name="subject" id="Username" style="width:500px;height:40px" />
<br><br>
<label for="Password">Description: </label>  
<textarea name="description" id="Password" style="width:500px;height:100px" ></textarea>
<br><br>
<label for="image">Select Image</label>
<input type="file" class="button purple image" name="image" accept="image/*" id="username" capture />
<br><br><br>
<button name="add2" value="log in" class="button purple add"><span>ADD</span></button>
</div>
</form>
<?php } ?>
最佳答案
PHP addslashes会有所帮助,但您应该使用以下方法清理数据:
PPS : Prepared Parameterized Statements. This will help Preventing SQL injection
此外,它还会为您处理这个问题,使所有内容更加安全,并且代码更具可读性:)
编辑:不想吸血鬼,正如 @TimBiegeleisen 的评论中所述...
关于php - 无法输入 ' 符号将其插入 mysql 数据库,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43716110/