Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.5k views
in Technique[技术] by (71.8m points)

php - Escape table name MySQL

I have a little problem with escaping table name. I was so stupid that i choose "show" for the name of table. When I use mysqli connection the escaping works fine, but its not working with classical mysql connection. Any advise? Sorry for my English, I am not native speaker.

SELECT SQL_CALC_FOUND_ROWS year, nameShow 
FROM   `show`
LIMIT 0, 10

I get error as

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show' at line 2 –

Query

$sQuery = "
    SELECT SQL_CALC_FOUND_ROWS year, nameShow 
    FROM   `show`
    $sWhere
    $sOrder
    $sLimit
    ";
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Section 9.3 of MySQL 5.1 Reference Manual says back ticks (`) or double quotes ("), however, I'd go with Fahim Parkar's comment above and just rename the table.

Also worth noting, you must use ANSI_QUOTES SQL mode if using double quotes per Section 9.2:

If the ANSI_QUOTES SQL mode is enabled, it is also permissible to quote identifiers within double quotation marks


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...