如何在 MySQL 表中创建包含空格和通配符的 SQL 表名?
我正在寻找一种在 MySQL 表中存储带有空格和通配符的值的方法。这怎么能做到呢?我尝试过使用 mysql_real_escape_string ,但由于某种原因它仍然不会创建带有通配符的表。我一直在做一些研究,我知道这并不复杂,但找不到我要找的东西。
插入示例:
$sql = "CREATE TABLE " . $_COOKIE['username'] . "_" . mysql_real_escape_string($wildcard_name) . "
(
example int,
example2 varchar(999),
example3 varchar(999),
example4 varchar(999)
)";
mysql_query($sql,$con);
尝试添加斜杠:
$con = mysql_connect("server","user","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$scrapbook_name = $_POST["scrapbook_name"];
$scrapbook_name = mysql_real_escape_string($scrapbook_name);
$scrapbook_name = addcslashes($scrapbook_name, '%_');
// Create table
mysql_select_db("user_scrapbooks", $con);
$sql = "CREATE TABLE " . $_COOKIE['user'] . "_" . $scrapbook_name . "
(
id int,
name varchar(999),
description varchar(999),
link varchar(999)
)";
mysql_query($sql,$con);
I am looking for a way to store a value with spaces and wildcard characters in a MySQL table. How can this be done? I have tried using mysql_real_escape_string but for some reason it still won't create a table with the wildcard characters. I've been doing some research and I know it's not that complicated but can't find what I'm looking for.
EXAMPLE OF INSERTION:
$sql = "CREATE TABLE " . $_COOKIE['username'] . "_" . mysql_real_escape_string($wildcard_name) . "
(
example int,
example2 varchar(999),
example3 varchar(999),
example4 varchar(999)
)";
mysql_query($sql,$con);
Trying to add slashes:
$con = mysql_connect("server","user","pass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$scrapbook_name = $_POST["scrapbook_name"];
$scrapbook_name = mysql_real_escape_string($scrapbook_name);
$scrapbook_name = addcslashes($scrapbook_name, '%_');
// Create table
mysql_select_db("user_scrapbooks", $con);
$sql = "CREATE TABLE " . $_COOKIE['user'] . "_" . $scrapbook_name . "
(
id int,
name varchar(999),
description varchar(999),
link varchar(999)
)";
mysql_query($sql,$con);
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您可以使用“addcslashes”函数来转义通配符。
addcslashes 文档
You can use the 'addcslashes' function to escape the wildcard characters.
addcslashes doc
您应该使用` quote 创建表。
You should create table using ` quote.
看起来您并不是在尝试存储带有特殊字符的值,实际上是在尝试创建带有特殊字符的表标识符。
您可以在 SQL 中分隔标识符,因此可以允许特殊字符、空格、国际字符、SQL 关键字等。在 MySQL 中,标识符分隔符是反引号。在 ANSI SQL(或使用
SET SQL_MODE='ANSI'的 MySQL)中,标识符分隔符是双引号。因此,您可以创建一个表名,如果您每次使用它时对其进行分隔,该表名通常会无效:
但是,
mysql_real_escape_string()并不是用于准备安全用作字符串的正确函数。标识符。该函数适用于字符串值,使它们在单引号字符串中安全。mysql_real_escape_string()不会转义反引号。 因此,如果表名包含反引号,即使您尝试转义它并分隔,也可能会出现问题it:导致无效的 SQL 语句:
您应该真正过滤 cookie 内容,剔除无效字符。这样您就可以更加确信它不会造成问题。
您不需要对表名转义单引号、双引号或 LIKE 通配符。
It appears that you're not trying to store a value with special characters, you're actually trying to create a table identifier with special characters.
You can delimit identifiers in SQL, so you can permit special characters, spaces, international characters, SQL keyword, etc. In MySQL, the identifier delimiter is a back-tick. In ANSI SQL (or MySQL with
SET SQL_MODE='ANSI') the identifier delimiter is a double-quote.So you could create a table name that would normally be invalid if you delimit it any time you use it:
However,
mysql_real_escape_string()is not the right function to use for preparing strings to be used safely as an identifier. That function is for string values, to make them safe within single-quoted strings.mysql_real_escape_string()doesn't escape back-tick. So you could have a problem if your table name contains a back-tick, even if you try to escape it and delimit it:Results in an invalid SQL statement:
You should really filter the cookie contents, stripping out invalid characters. Then you have more assurance that it won't cause a problem.
You don't need to escape single-quotes or double-quotes or LIKE-wildcards for a table name.
我可能是错的(如果我错了,请纠正我),但是你不能使用 为此序列化?
I may be wrong on this (please correct me if I am), but couldn't you use serialize for this?