从LDAP我正在查询我的用户,这段代码将它们设置为引用格式的变量我需要运行MySQL查询,即'username','other_username'等......
foreach ($prefs as $who => $pref) {
if (strpos($who, 'public') === false) {
$team_users_string .='\'' . $who . '\',';
}
当我尝试使用以下代码清理命令时,它将字符串转换为\'username \',\'other_username \',我该怎么做才能纠正这个问题?
$team_users = rtrim($team_users_string, ",");
$start_date = $_POST['start_year'] . '-' . $_POST['start_month'];
$end_date = $_POST['end_year'] . '-' . $_POST['end_month'];
echo 'Welcome, <strong>' . $user . '</strong><br />';
echo '<br />';
echo '<strong>Selected Start Date:</strong> ' . $start_date . '<br />';
echo '<strong>Selected End Date:</strong> ' . $end_date . '<br />';
mysql_real_escape_string($team_users),
mysql_real_escape_string($start_date),
mysql_real_escape_String($end_date));
$query = "SELECT * FROM vacation WHERE user_name in ($team_users) AND day BETWEEN '$start_date-01' AND '$end_date-31'";
答案 0 :(得分:1)
您的问题是在将字符串传递给mysql_real_escape_string()之前添加引号字符。因此,字面引号会被该函数转义。
你可以通过使用mysql_real_escape_string(),然后用引号分隔结果来避免这种情况。
此外,我使用数组和implode()数组来获取逗号,而不是强制使用rtrim()最后一个逗号。
foreach ($prefs as $who => $pref) {
if (strpos($who, 'public') === false) {
$team_users_array[] = "'" . mysql_real_escape_string($who) . "'";
}
}
$team_users = implode(",", $team_users_array); // no rtrim needed