PHP在连接数据库时,可能需要为sql
语句中的字符串添加引号,为了解决这一问题,我们可以使用PHP的内置函数quote()
函数,本文就带大家来看一看。
首先来看一看quote()
函数的语法:
public PDO::quote ( string $string , int $parameter_type = PDO::ParaM_STR ) : string
$string:要添加引号的字符串。
代码实例:
1.普通字符串加引号
<?PHP $servername = localhost; $username = root; $password = root123456; $dbname = my_database; try { $pdo = new PDO(MysqL:host=$servername;dbname=$dbname, $username, $password); echo 连接成功.<br>; // $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $pdo->setAttribute(PDO::ATTR_CASE, PDO::CASE_UPPER); $string = 'Nice'; print Unquoted string: $string; echo <br>; print Quoted string: . $pdo->quote($string) . \n; }catch(PDOException $e){ echo $e->getMessage(); }
输出:连接成功 Unquoted string: Nice Quoted string: 'Nice'
2 危险字符串加引号
<?PHP $servername = localhost; $username = root; $password = root123456; $dbname = my_database; try { $pdo = new PDO(MysqL:host=$servername;dbname=$dbname, $username, $password); echo 连接成功.<br>; // $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $pdo->setAttribute(PDO::ATTR_CASE, PDO::CASE_UPPER); $string = 'Naughty \' string'; print Unquoted string: $string; echo <br>; print Quoted string: . $pdo->quote($string); }
输出:连接成功 Unquoted string: Naughty ' string Quoted string:'Naughty \' string'
推荐:《2021年PHP面试题大汇总(收藏)》《php视频教程》