作者:xm云中竹 | 来源:互联网 | 2024-10-11 21:54
我想在MySQL的插入语句中转义单引号,但我无法使其工作。
我尝试了mysqli_real_escape_string和str_replace,但仍然收到关于单引号的MySQL错误。
//Escape String
$order_details = mysqli_real_escape_string($order_details);
$customer_name = mysqli_real_escape_string($customer_name);
$address1 = mysqli_real_escape_string($address1);
$address2 = mysqli_real_escape_string($address2);
$city = mysqli_real_escape_string($city);
$phone_number = mysqli_real_escape_string($phone_number);
$province = mysqli_real_escape_string($province);
$zip = mysqli_real_escape_string($zip);
$sql ="INSERT INTO wp_wpdatatable_4_7(transid,userid,storename,orderdate,ordernumber,productname,itemcount,sellingprice,customername,address,barangay,city,province,zipcode,contactnumber)
VALUES ('" . $transid . "','" . $user_id . "','" . $store_name . "','" . $order_date . "','" . $order_number . "','" . $order_details . "','" . $no_items . "','" . $selling_price . "','" . $customer_name . "','" . $address2 . "','" . $address1 . "','" . $city . "','" . $province . "','" . $zip . "','" . $phone_number . "' )";
京公网安备 11010802041100号