MySQL 转义单引号
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3642305/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
escape single quotes
提问by shantanuo
I have a table like this...
我有一张这样的桌子...
select * from myescape;
+-----------+
| name |
+-----------+
| shantanu' |
| kumar's |
+-----------+
2 rows in set (0.00 sec)
I need to replace the single quote ' with \'
我需要用 \' 替换单引号 '
I will also need to escape double quotes and backslash.
我还需要转义双引号和反斜杠。
回答by bobince
The point of prepared statements is that you don't have to include content in them. Use a PREPAREquery with ?placeholders and then EXECUTE ... USINGto pass the values in without having to escape them.
准备好的语句的要点是您不必在其中包含内容。使用PREPARE带有?占位符的查询,然后EXECUTE ... USING将值传入而不必转义它们。
Don't try to do escaping yourself, because you're likely to make mistakes. Depending on what encoding you're using, there can be more to it than just backslash-escaping quotes, backslash and null.
不要试图逃避自己,因为你很可能会犯错误。根据您使用的编码,它可能不仅仅是反斜杠转义引号、反斜杠和空值。
回答by Ghostpsalm
Try this;
尝试这个;
UPDATE myescape SET name = REPLACE(name, "'", "\'");
You may want to think precisely about whyyou might want to do this (as Tomalak has said). Even in a stored procedure these fields should be strings, not commands.
您可能想要准确地思考为什么要这样做(正如 Tomalak 所说)。即使在存储过程中,这些字段也应该是字符串,而不是命令。
回答by Pramendra Gupta
You can use char function.
您可以使用char 函数。
mysql> SELECT QUOTE('Don\'t!');
-> 'Don\'t!'
mysql> SELECT QUOTE(NULL);
Helpful link
有用的链接
回答by Jeff Davis
Try this:
尝试这个:
SELECT REPLACE( REPLACE( name , "'", "\'" ) , '"', '\"' )
FROM myescape
