更新时间:2023-02-05 21:49:24
好吧,也许最简单的解决方案是使用 mysql_real_escape_string() 函数,如下所示:
Well, maybe the simplest solution is to use mysql_real_escape_string() function like this:
$opendb = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);
$text = $_POST['text'];
mysql_query("UPDATE table SET text='" . mysql_real_escape_string($text) . "' WHERE
id='" . $_GET['id'] . "'");
mysql_close($opendb);
使用此代码,您可以将 $text 变量中的特殊字符保存到数据库中.
using this code you could allow special characters in $text variable to be saved into the database.
你也应该转义 $_GET['id'].
You should escape $_GET['id'] also.