When inserting a string that contains single or double quotes into a MySQL database, a single string can be escaped by hand with backslashes. What if a large amount of data needs to be converted? This article introduces one approach.
If there is a large amount of content that needs to be escaped, consider the mysql_real_escape_string function:

mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement, taking into account the connection's current character set.

Note: This function does not escape % and _. In addition, do not apply this function to the entire SQL statement; escape only the string parameters passed into the SQL statement, otherwise things will go wrong without any obvious error.

Example:

    <?php
    // mysql_real_escape_string() needs an open connection made with mysql_connect()
    // (ext/mysql, removed in PHP 7.0; mysqli_real_escape_string() is its successor).
    $item = "Zak's and Derick's Laptop";
    $escaped_item = mysql_real_escape_string($item);
    printf("Escaped string: %s\n", $escaped_item);
    ?>

Test it in your own program to see the result of this escape.
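The two cautions in the note above (escape only the string parameter, and % and _ are left untouched) shown side by side, as an added example that is not part of the original article. So that it runs without a database connection, `emulate_escape()` is a hypothetical stand-in that escapes the characters the PHP manual lists for mysql_real_escape_string but ignores the character set; `escape_like()`, the `items` table and the sample values are likewise assumptions.

```php
<?php
// Hypothetical stand-in so the example runs without a MySQL connection.
// It backslash-escapes the characters the PHP manual lists for
// mysql_real_escape_string(): NUL, \n, \r, \, ', " and Ctrl-Z.
// Unlike the real function it ignores the connection character set.
function emulate_escape(string $s): string
{
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', "\\" => '\\\\',
        "'"  => "\\'", '"'  => '\\"', "\x1a" => '\\Z',
    ]);
}

// Hypothetical helper: also neutralise the LIKE wildcards % and _.
// Escape for the LIKE pattern first, then for the string literal.
function escape_like(string $s): string
{
    return emulate_escape(addcslashes($s, '%_\\'));
}

$item = "Zak's and Derick's Laptop";   // constructed sample value
$term = "50%_off";                     // constructed; table "items" is made up too

// Wrong: escaping the entire statement also escapes the quotes that
// delimit the literal, so the result is no longer the intended SQL.
$whole = emulate_escape("SELECT * FROM items WHERE name = '$item'");

// Right: escape only the value, then place it between the quotes.
$param = "SELECT * FROM items WHERE name = '" . emulate_escape($item) . "'";

// LIKE: with plain escaping the % and _ in $term still act as wildcards;
// escape_like() makes the search match the literal text only.
$loose = "SELECT * FROM items WHERE name LIKE '%" . emulate_escape($term) . "%'";
$exact = "SELECT * FROM items WHERE name LIKE '%" . escape_like($term) . "%'";

foreach (compact('whole', 'param', 'loose', 'exact') as $label => $sql) {
    printf("%-5s %s\n", $label, $sql);
}
```

In a real program, call the connection-aware escaping function (or bind the value as a query parameter) where `emulate_escape()` appears here.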