A query statement: select orderid from order where date = 20170302 AND aid ='14218902787457024'; Because the aid field is varchar, the aid value has to be wrapped in quotes when it is passed in as a query condition, so that the index is used.
But after using mysql_real_escape_string(), the statement becomes select orderid from order where date = 20170302 AND `aid` =\'14218902787457024\'; and the statement cannot be executed. It reports You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'14218902787457024\'' at line 1, and the error code is 1064.
mysql_real_escape_string escapes all special characters in the string it is given.
The following characters are affected:
\x00
\n
\r
\
'
"
\x1a
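If you want to escape, escape the query parameters first and then put them into the SQL, for example:
// Escape each value on its own (needs an open MySQL connection), then build the SQL text.
$aid = mysql_real_escape_string("14218902787457024");
$date = mysql_real_escape_string("20170302");
// `order` is a reserved word in MySQL, so the table name is quoted with backticks.
$sql = "select orderid from `order` where date = $date AND aid = '$aid'";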
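The difference between escaping the whole statement and escaping only the values, as an added example that is not part of the original answer. `escape_like_mysql()` and `build_query()` are hypothetical names; the first is a stand-in that applies MySQL's substitutions for the characters listed in the answer so the script runs without a database connection, and the aid value containing a quote is constructed.

```php
<?php
// Hypothetical stand-in for the driver's escape function: same substitutions
// for the seven characters listed above. Real code calls the driver's own
// function on an open connection.
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\x00" => "\\0", "\n" => "\\n", "\r" => "\\r", "\\" => "\\\\",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Builds the query from the question, treating each value by its context.
function build_query(string $date, string $aid): string
{
    // date is used unquoted; escaping changes nothing in a value without
    // special characters, so it cannot protect here. Accept digits only.
    if (preg_match('/\A[0-9]+\z/', $date) !== 1) {
        throw new InvalidArgumentException("date must be numeric");
    }
    // aid is varchar: escape the value, then add the delimiting quotes, so
    // the comparison stays string-to-string and the index can be used.
    return "select orderid from `order` where date = $date AND aid = '"
         . escape_like_mysql($aid) . "'";
}

$aid = "14218902787457024"; // value from the question

// Wrong: escaping the finished statement also escapes the quotes that delimit
// the string literal, so the server meets \' where it expects ' (error 1064).
echo escape_like_mysql(
    "select orderid from `order` where date = 20170302 AND aid = '$aid'"
), "\n";

// Right: only the value is escaped; the delimiting quotes are left intact.
echo build_query("20170302", $aid), "\n";

// Constructed aid containing a quote: the quote is escaped inside the literal
// and stays data instead of ending the string early.
echo build_query("20170302", "14218'902787457024"), "\n";

// Constructed non-numeric date: rejected before any SQL text is built.
try {
    build_query("20170302 AND 1", $aid);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```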