在数据库中插入嵌入代码 PHP 问题
嘿,我正在尝试在我的数据库中插入嵌入代码,它给了我这个错误,
Error adding new data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'movie.php?id=6001',
type = 'stream',
embed = '<object width=\"500\" he' at line 1
现在这是我正在使用的代码:
$sql = "INSERT INTO videos SET
title = '".mysql_escape_string($title)."',
urltitle = '".slug(mysql_escape_string($title))."',
description = '',
category = 'streams',
first_img = '".mysql_escape_string($imgurl)."',
o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."',
type = 'stream',
embed = '".mysql_escape_string($embed)."',
last_updated = '".date("Y-m-d")."',
date_added = '".date("Y-m-d")."'";
有人看到任何问题吗?
谢谢!
hey, I'm trying to insert an embed code in my database, and it's giving me this error
Error adding new data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'movie.php?id=6001',
type = 'stream',
embed = '<object width=\"500\" he' at line 1
now this is the code i'm using :
$sql = "INSERT INTO videos SET
title = '".mysql_escape_string($title)."',
urltitle = '".slug(mysql_escape_string($title))."',
description = '',
category = 'streams',
first_img = '".mysql_escape_string($imgurl)."',
o_url = 'http://watchnewfilms.com/'".mysql_escape_string($thisUrl)."',
type = 'stream',
embed = '".mysql_escape_string($embed)."',
last_updated = '".date("Y-m-d")."',
date_added = '".date("Y-m-d")."'";
anyone see any problems?
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您应该使用 mysql_real_escape_string()
并将其应用于整个值,以获得完全的安全性和更好的可读性。
就您而言,这里有一个额外的
':You should use
mysql_real_escape_string()and you should apply it on the whole value for full security and better readability.
In your case, you have an extra
'here: