When PHP connects to a database, strings placed inside an SQL statement may need to be wrapped in quotes. PHP's built-in quote() function (PDO::quote()) solves this problem, and this article walks through it.
First, the syntax of quote():
public PDO::quote ( string $string , int $parameter_type = PDO::PARAM_STR ) : string
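$string: the string to be quoted.
$parameter_type: a data-type hint for the driver, used to choose the quoting style.
Return value: the quoted string, which is theoretically safe to use in an SQL statement. Returns false if the driver does not support quoting in this way.
Code examples:
1. Quoting an ordinary string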
<?php
$servername = "localhost";
$username = "root";
$password = "root123456";
$dbname = "my_database";
try {
    $pdo = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    echo "連接成功"."<br>";
    // $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_CASE, PDO::CASE_UPPER);
    $string = 'Nice';
    print "Unquoted string: $string";
    echo "<br>";
    print "Quoted string: " . $pdo->quote($string) . "\n";
} catch (PDOException $e) {
    echo $e->getMessage();
}
Output:
連接成功
Unquoted string: Nice
Quoted string: 'Nice'
2. Quoting a dangerous string
<?php
$servername = "localhost";
$username = "root";
$password = "root123456";
$dbname = "my_database";
try {
    $pdo = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    echo "連接成功"."<br>";
    // $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_CASE, PDO::CASE_UPPER);
    // The string contains a single quote, which would end an SQL literal early
    $string = 'Naughty \' string';
    print "Unquoted string: $string";
    echo "<br>";
    print "Quoted string:" . $pdo->quote($string);
} catch (PDOException $e) {
    // A try block needs a catch (or finally), otherwise the script does not parse
    echo $e->getMessage();
}
Output:
連接成功
Unquoted string: Naughty ' string
Quoted string:'Naughty \' string'
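
The following is an added example, not code from the original article. It runs the article's "Naughty ' string" through an actual INSERT three ways (raw concatenation, quote(), and a prepared statement, which the PHP manual recommends over quote() for building statements) and checks the false return value described above. The in-memory SQLite database, the notes table and the quoteOrFail() helper are assumptions made so the script runs without a MySQL server.

```php
<?php
// Added example: constructed table and data, in-memory SQLite instead of MySQL (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Hypothetical helper: quote() returns false when the driver cannot quote,
// and false concatenated into SQL silently becomes an empty string.
function quoteOrFail(PDO $pdo, string $value): string
{
    $quoted = $pdo->quote($value);
    if ($quoted === false) {
        throw new RuntimeException('Driver does not support PDO::quote()');
    }
    return $quoted;
}

$string = 'Naughty \' string'; // same value as the article's second example

// 1. Raw concatenation: the embedded quote ends the literal early,
//    so the statement no longer parses and the insert fails.
try {
    $pdo->exec("INSERT INTO notes (body) VALUES ('$string')");
} catch (PDOException $e) {
    echo "Unquoted insert failed: ", $e->getMessage(), "\n";
}

// 2. quote() returns the literal together with its surrounding quotes,
//    so no extra quotes are written around it here. The SQLite driver
//    doubles the quote ('') where the MySQL driver emits \'.
$quoted = quoteOrFail($pdo, $string);
echo "Quoted literal: $quoted\n";
$pdo->exec('INSERT INTO notes (body) VALUES (' . $quoted . ')');

// 3. Prepared statement: the value is bound separately from the SQL text,
//    so no quoting decision is left to the caller.
$stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
$stmt->execute([':body' => $string]);

// Both safe paths must have stored the original string unchanged.
$rows = $pdo->query('SELECT body FROM notes ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows === [$string, $string]);
```

quote() only produces a string literal; it does not make a value safe as a table or column name, which is one more reason to prefer bound parameters for data.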