
How to escape a dot in mysql query?

Developer https://www.devze.com 2023-01-30 14:14 Source: Internet

The values of the array $rf contain a dot:

  $rf = array('img34563.jpg', 'img34536.jpg');

  $query = "SELECT * FROM $appin_table WHERE img IN ( ".implode( ',' , $rf )." )";
  $result = mysql_query($query)
  or die(mysql_error());

How could I escape the dot, is that possible?

Thanks in advance.


Escaping the dot alone won't help you; you'll end up with a query like that:

SELECT * FROM table WHERE img IN(img34563.jpg , img34536.jpg)

You'll have to apply quotes before:

// Escape each value for the current connection, then wrap it in quotes
function quote($k)
{
    return '"' . mysql_real_escape_string($k) . '"';
}

$values = array_map('quote', $rf);
$query = "SELECT * FROM $appin_table WHERE img IN ( ".implode( ',' , $values )." )";


To avoid escaping, use a prepared statement:

$rf = array('img34563.jpg', 'img34536.jpg');

$db_connection = new mysqli("localhost", "user", "pass", "db");
$statement = $db_connection->prepare("SELECT * FROM $appin_table WHERE img IN (?,?)");
$statement->bind_param("ss", $rf[0], $rf[1]);
$statement->execute();

More info: http://www.php.net/manual/en/mysqli.prepare.php
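The prepared statement above hard-codes two placeholders. The following added example (not part of the original answers) builds one placeholder per array element, so the same approach works for a list of any length, and it checks the table name against an allow-list because identifiers cannot be bound. It uses PDO with an in-memory SQLite database so it runs without a server; the function name `find_images`, the table `appin_images` and the sample rows are assumptions made for the demo.

```php
<?php
// Added example: variable-length IN (...) list with bound parameters.
// Table name, column name and rows below are constructed for the demo.

function find_images(PDO $db, string $table, array $names): array
{
    // Identifiers cannot be bound as parameters, so the table name is
    // checked against a fixed allow-list instead of being escaped.
    $allowed = ['appin_images'];
    if (!in_array($table, $allowed, true)) {
        throw new InvalidArgumentException("unexpected table: $table");
    }
    // An empty list would produce "IN ()", which is a syntax error.
    if ($names === []) {
        return [];
    }
    // One "?" per value: the SQL text never contains the values themselves.
    $placeholders = implode(',', array_fill(0, count($names), '?'));
    $stmt = $db->prepare(
        "SELECT img FROM $table WHERE img IN ($placeholders) ORDER BY img"
    );
    $stmt->execute(array_values($names));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In-memory SQLite keeps the demo self-contained; for MySQL, pass a
// mysql: DSN and credentials to the PDO constructor instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE appin_images (img TEXT)');
$insert = $db->prepare('INSERT INTO appin_images (img) VALUES (?)');
foreach (['img34563.jpg', 'img34536.jpg', "o'brien.jpg", 'other.png'] as $name) {
    $insert->execute([$name]);
}

// Dots and quotes need no escaping because they travel as data.
print_r(find_images($db, 'appin_images', ['img34563.jpg', "o'brien.jpg"]));

// A value shaped like SQL is compared as a literal file name and matches nothing.
print_r(find_images($db, 'appin_images', ["x') OR ('1'='1"]));
```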
