$dep=$_SESSION['dep'];
$type="DON’T DO’S";
$res= mysql_query("select * from treatment where treatment_dep='$dep' and treatment_type='$type'");
while($res1= mysql_fetch_array($res)){
echo $res1['treatment_treatment'];
}
此查询仅在我删除"和treatment_type =' $ type'"来自查询。这是因为$ type包含单引号。
如何编写查询来解决此类问题。
答案 0 :(得分:-1)
这将帮助您检查错误。
// Perform Query
$result = mysql_query($query);
// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query;
die($message);
}
答案 1 :(得分:-1)
$dep=$_SESSION['dep'];
$type="DON’T DO’S";
//Sanitize it for SQL as follows
$type = str_replace("'", "''", trim($type));
//Sanitization Complete
$res= mysql_query("select * from treatment where treatment_dep='$dep' and treatment_type='$type'");
while($res1= mysql_fetch_array($res)){
echo $res1['treatment_treatment'];
}
答案 2 :(得分:-1)
尝试在您的变量中将引号字符更改为\',如下所示:
$type = "DON\'T DO\'S";
如果您需要为动态数据执行此操作,可以使用
$type = strtr($type, "'", "\'");