我遇到SQL查询问题。 SQL语句已通过mysqli_real_escape_string传递,但我仍然收到SQL语法错误。代码适用于99.9%的网站,但以下不起作用。它可能非常简单,但我无法发现它。任何帮助将不胜感激。
"UPDATE text_t SET copy=\'<table cellspacing=3>\r\n <tr><td class=\"infogrey\">Secretary</td><td class=\"infogrey\">Some Name</td><td class=\"infogrey\">Telephone: 01794 123456 <br><a href=\"contact.php?type=Contact_Secretary\" target=\"content\" class=\"infogrey\" onMouseOver=\"window.status=\'contact\'; return true\" onMouseOut=\"window.status=\'\'; return true\"><strong>Email Some Name</strong></a></td></tr>\r\n <tr><td class=\"infogrey\">Chairman</td><td class=\"infogrey\">Some Name</td><td class=\"infogrey\"><a href=\"contact.php?type=Contact_Chairman\" target=\"content\" class=\"infogrey\" onMouseOver=\"window.status=\'contact\'; return true\" onMouseOut=\"window.status=\'\'; return true\"><strong>Email Some Name</strong></a></td></tr>\r\n\r\n <tr><td class=\"infogrey\">Club Kit</td><td class=\"infogrey\">Some Name</td><td class=\"infogrey\"><a href=\"contact.php?type=Club_Kit\" target=\"content\" class=\"infogrey\" onMouseOver=\"window.status=\'contact\'; return true\" onMouseOut=\"window.status=\'\'; return true\"><strong>Email Some Name</strong></a></td></tr>\r\n\r\n <tr><td colspan=2 class=\"infogrey\">For General queries </td> <td><a href=\"contact.php?type=General_Query\" target=\"content\" class=\"infogrey\" onMouseOver=\"window.status=\'contact\'; return true\" onMouseOut=\"window.status=\'\'; return true\"><b>Email Cycling Club</b></a></td></tr>\r\n <tr><td colspan=2 class=\"infogrey\">Any membership queries </td><td><a href=\"contact.php?type=Contact_Editor\" target=\"content\" class=\"infogrey\" onMouseOver=\"window.status=\'contact\'; return true\" onMouseOut=\"window.status=\'\'; return true\"><strong>Email Some Name</strong></a></td></tr>\r\n
... </table>\' WHERE id=8"
答案 0 :(得分:1)
由于您使用双引号"来包装查询字符串,因此您不应该在列副本中转义两个单引号':
$query = "UPDATE text_t
SET copy='" . mysqli_real_escape_string($dblink, $string) . "'
WHERE id=8";
看起来您可能想修改PHP中的mysqli_real_escape_string PHP函数和difference between single and double quotes:)