Joomla escape text for insert
I'm having problems getting Joomla to insert escaped data.
The query is:
INSERT INTO #__shopper_orders
(id
, ordering
, state
, checked_out
, checked_out_time
, created_by
, modified_by
, order_paypal_ref
, order_details
, fulfillment_status
, order_gift
, terms_conditions
) VALUES (NULL, '', '', '', '', '', '', '', '$newBody', '', '', '');
$newBody is
$newBody = $db->quote( $emailText );
$db->query();
$emailText is
<h2>Website Order</h2><p>Thank you for your order. We've included a copy of it below.</p>
It throws the error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'you for your order. We\'ve included a copy of it below.<\/p>\r\n<p>Quantiti' at line 3"
It seems to be escaping the already-escaped ' character?
Any ideas?
Thanks
Thought I'd add an update.
I saw nibra's answer below, so I tried his code, but it didn't work. My code looks very similar, though.
I like the way nibra handles the code, so I'd like to get it working, so I've included the working code and his code (commented out).
// Insert into orders table
$db = JFactory::getDbo();
// quote() both escapes the string and wraps it in quotes,
// so $newBody is dropped into the SQL without extra quotes.
$newBody = $db->quote( $body );
$query = "
INSERT INTO `#__shopper_orders`
(`id`, `ordering`, `state`, `checked_out`, `checked_out_time`, `created_by`, `modified_by`, `order_paypal_ref`, `order_details`, `fulfillment_status`, `order_gift`, `terms_conditions`)
VALUES (NULL, '', '1', '', '', '', '', '', $newBody, '1', '', '')
";
$db->setQuery($query);
$db->query();
$insertId = $db->insertid();
/* $values = [
'id' => null,
'ordering' => '',
'state' => '1',
'checked_out' => '',
'checked_out_time' => '',
'created_by' => '',
'modified_by' => '',
'order_paypal_ref' => '',
'order_details' => $db->quote($body),
'fulfillment_status' => '1',
'order_gift' => '',
'terms_conditions' => '',
];
$query = $db->getQuery(true);
$query
->insert('#__shopper_orders')
->columns(array_keys($values))
->values(implode(',', $values))
;
$db->setQuery($query);
$result = $db->execute();
$insertId = $db->insertid();*/
First, you should use the QueryBuilder instead of literal SQL. Users of your component may be running an RDBMS other than MySQL.
Second, JDatabaseDriver::quote adds quotes and, by default, also escapes the string. Quoting $newBody a second time therefore breaks the SQL.
<?php
$db = \Joomla\CMS\Factory::getDbo();
$values = [
'id' => null,
'ordering' => '',
'state' => '',
'checked_out' => '',
'checked_out_time' => '',
'created_by' => '',
'modified_by' => '',
'order_paypal_ref' => '',
'order_details' => $db->quote($emailText),
'fulfillment_status' => '',
'order_gift' => '',
'terms_conditions' => '',
];
$query = $db->getQuery(true);
$query
->insert('#__shopper_orders')
->columns(array_keys($values))
->values(implode(',', $values))
;
$db->setQuery($query);
$result = $db->execute();
@nibra's approach is good. Here is the same thing, slightly modified: $db->quote also accepts arrays.
<?php
$db = \Joomla\CMS\Factory::getDbo();
$values = [
'id' => null,
'ordering' => '',
'state' => '',
'checked_out' => '',
'checked_out_time' => '',
'created_by' => '',
'modified_by' => '',
'order_paypal_ref' => '',
'order_details' => $emailText,
'fulfillment_status' => '',
'order_gift' => '',
'terms_conditions' => '',
];
$query = $db->getQuery(true);
$query
->insert('#__shopper_orders')
->columns(array_keys($values))
->values(implode(',', $db->quote(array_values($values))))
;
$db->setQuery($query);
$result = $db->execute();
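Pulling the answers together, here is an added example (not code from the question or from any answer) of one insert that passes every value through $db->quote() exactly once, leaves the auto-increment id out of the column list instead of quoting a PHP null, and returns the new row id. It assumes a bootstrapped Joomla 3.x site with the same #__shopper_orders columns as the question; the function name saveOrderDetails and the values are illustrative.

```php
<?php
// Added example, not from the question or answers. Assumes a bootstrapped
// Joomla 3.x site so that \Joomla\CMS\Factory::getDbo() is available.
// saveOrderDetails() and the column values are illustrative.

use Joomla\CMS\Factory;

/**
 * Insert one row into #__shopper_orders and return the new id.
 *
 * quote() escapes the value AND wraps it in quotes, so the result must be
 * dropped into the SQL as-is. Writing '$newBody' around an already quoted
 * value is what produced ''<h2>...'' and the syntax error in the question.
 */
function saveOrderDetails(string $emailText): int
{
    $db = Factory::getDbo();

    // The auto-increment id is omitted rather than set to null:
    // quote(null) returns the SQL string '' (two quote characters),
    // not the SQL keyword NULL, so the database would not auto-fill it.
    $values = [
        'ordering'           => '',
        'state'              => '1',
        'checked_out'        => '',
        'checked_out_time'   => '',
        'created_by'         => '',
        'modified_by'        => '',
        'order_paypal_ref'   => '',
        'order_details'      => $emailText,   // raw HTML; quoted once below
        'fulfillment_status' => '1',
        'order_gift'         => '',
        'terms_conditions'   => '',
    ];

    // quoteName() and quote() both accept arrays; every value is quoted
    // exactly once, and no value is interpolated into SQL text by hand.
    $query = $db->getQuery(true)
        ->insert($db->quoteName('#__shopper_orders'))
        ->columns($db->quoteName(array_keys($values)))
        ->values(implode(',', $db->quote(array_values($values))));

    $db->setQuery($query)->execute();

    return (int) $db->insertid();
}
```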