Welcome to 16892 Developer Community-Open, Learning,Share
menu search
person
editAsk a Question
Welcome To Ask or Share your Answers For Others

Categories

MySQL like 查询时 字符中包含单引号问题

in Technique[技术] by (71.8m points)

语句拼接:

$condition .= " OR `name` LIKE concat('%',?,'%') OR `name` LIKE concat('%',?,'%'))";

            $params[] = $matches_before[1];
            $params[] = $name_all;

字符串:M&M'S

错误:
`
DB_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's%' ) GROUP BY img_url LIMIT 1' at line 1
RAW_SQL: SELECT id, name, img_url FROM material WHERE deleted_at is null and (name LIKE '%m's%' ) GROUP BY img_url LIMIT 1

`


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
3.7k views
Welcome To Ask or Share your Answers For Others

1 Answer

by (71.8m points)

特殊符号需要转义。

在程序侧 replace 吧。

P.S. 为啥不用参数化呢?不 care SQL 注入吗?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to 16892 Developer Community-Open, Learning and Share

Just Browsing Browsing

548k questions

547k answers

4 comments

56.5k users

Most popular tags

Theme made by Momin Raza, Modified by Ostack
Powered by Question2Answer
...