All symbols after "&" stripped_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2022-12-24 04:15 出处：网络

My query: mysql::getInstance()->update(\'requests\', array(\'response\' => mysql_real_escape_string($_POST[\'status\'])), array(\'secret\' => $_POST[\'secret\'])); ?>

相关专题：php sql

My query:

mysql::getInstance()->update('requests', array('response' => mysql_real_escape_string($_POST['status'])), array('secret' => $_POST['secret'])); ?>

If i wand to add string with "&" symbol, all symbols after "&" stripped.

Example: string: !"№;%:?()_+!@#$%^&()_+

in database i see only: !"№;%:?*()_+!@#$%^

How to fix this?

update function, if anyone need:

function update($table, $updateList, $whereConditions)
{
    $updateQuery = '';
    foreach ($updateList as $key => $newValue) {
        if (!is_numeric($newValue)) {
            $newValue = "'" . $newValue . "'";
        }
        if (strlen($updateQuery) == 0) {
            $updateQuery .= '`' . $key . '` = ' .  $newValue;
        } else {
            $upda开发者_如何学GoteQuery .= ', `' . $key . '` = ' .  $newValue;
        }
    }
    return $this->query('UPDATE ' . $table . ' SET ' . $updateQuery . $this->buildWhereClause($whereConditions));
}

UPD: echo mysql::getInstance()->getLastSQL() says:

UPDATE requests SET `response` = '!\"№;%:?*()_ !@#$%^' WHERE `secret` = '52a4ab5f7f3e8491e60b71db7d775ee2'

so, problem with function update in mysql class?

Slaks, i need to use str_replace('&', '%28', $query); ?

You're probably passing a raw & character in the querystring, which causes everything after the & to be parsed as second parameter by PHP. (Before it gets into your variable)

You need to escape the & as %26.

EDIT: You need to escape it before you send it to the server. (When you make the HTTP request)