用反斜杠转义报价。喜欢
'Kellogg's'。
这是您的功能,使用
mysql_real_escape_string:
function insert($database, $table, $data_array) { // Connect to MySQL server and select database $mysql_connect = connect_to_database(); mysql_select_db ($database, $mysql_connect); // Create column and data values for SQL command foreach ($data_array as $key => $value) { $tmp_col[] = $key; $tmp_dat[] = "'".mysql_real_escape_string($value)."'"; // <-- escape against SQL injections } $columns = join(',', $tmp_col); $data = join(',', $tmp_dat); // Create and execute SQL command $sql = 'INSERT INTO '.$table.'('.$columns.')VALUES('. $data.')'; $result = mysql_query($sql, $mysql_connect); // Report SQL error, if one occured, otherwise return result if(!$result) { echo 'MySQL Update Error: '.mysql_error($mysql_connect); $result = ''; } else { return $result; } }
