ecmsapi
EapiDb insert bug
/**
 * Insert one row into $table, building the SQL text by string concatenation.
 *
 * This is the listing as reported: it is kept unchanged so the defect stays visible.
 *
 * @param string $table Table name, interpolated into the statement as-is.
 * @param array  $data  Map of column name => value; keys and values are both
 *                      concatenated into the statement.
 *
 * @return mixed The result of $this->empire->lastid() when the query call returns
 *               exactly true (presumably the new row's id, confirm against the
 *               driver), otherwise false.
 */
public function insert($table , $data = [])
{
// An empty table name, empty data or a non-array $data is rejected before any SQL is built.
if(empty($table) || empty($data) || !is_array($data)){
return false;
}
$field = "";
$value = "";
foreach($data as $f=>$v){
// The column name comes straight from the array key, with no validation.
$field .= "," . $f;
// SECURITY: the value is wrapped in single quotes but never escaped. A quote inside
// $v ends the literal early; the reporter saw that as a failed write, and for any
// value taken from request data the same gap is an SQL injection sink.
$value .= ",'" . $v ."'";// a value containing a single quote causes an SQL error and the write fails
}
// Both lists were built with a leading comma; drop it.
$field = substr($field , 1);
$value = substr($value , 1);
$sql = "insert into {$table} ({$field}) values ({$value});";
// The meaning of the second argument (false) is defined by query(), which is not shown here.
$res = $this->query($sql , false);
if(true === $res){
return $this->empire->lastid();
}else{
return false;
}
}
以下是我的修复
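/**
 * Insert one row into $table and return the value of $this->empire->lastid().
 *
 * The statement is still assembled as text, so every part that reaches it is
 * constrained here: the table and column names must be plain identifiers, and
 * single quotes in values are doubled before the value is quoted.
 *
 * NOTE(review): quote doubling alone is not complete escaping. If the backend is
 * MySQL with its default sql_mode, a backslash is also an escape character inside
 * a string literal, so a value ending in a backslash can still swallow the closing
 * quote. Byte-wise backslash handling is not safe for every connection charset
 * either, so the durable fix is the database layer's connection-aware escaping or
 * a prepared statement. Neither is visible from this method.
 *
 * @param string $table Table name; only [A-Za-z0-9_] names are accepted, optionally
 *                      backtick-quoted and optionally qualified as db.table.
 * @param array  $data  Map of column name => value. Column names follow the same
 *                      rule as $table; values must be scalar, null or stringable.
 *
 * @return mixed Whatever $this->empire->lastid() returns when the query call returns
 *               exactly true; false on rejected input or a failed query.
 */
public function insert($table , $data = [])
{
    if (empty($table) || empty($data) || !is_array($data)) {
        return false;
    }

    // Identifiers cannot be protected by value quoting, so they are allow-listed.
    // Array keys are caller-controlled whenever $data is built from request input.
    $identifier = '/\A(?:`[A-Za-z0-9_]+`|[A-Za-z0-9_]+)(?:\.(?:`[A-Za-z0-9_]+`|[A-Za-z0-9_]+))?\z/';
    if (!is_string($table) || 1 !== preg_match($identifier, $table)) {
        return false;
    }

    $fields = [];
    $values = [];
    foreach ($data as $f => $v) {
        if (1 !== preg_match($identifier, (string) $f)) {
            return false;
        }

        // Arrays and non-stringable objects have no meaningful SQL text form; reject
        // them instead of letting the string functions below fail on them.
        $stringable = null === $v
            || is_scalar($v)
            || (is_object($v) && method_exists($v, '__toString'));
        if (!$stringable) {
            return false;
        }

        $fields[] = $f;
        // str_replace() is a no-op when there is no quote, so no strpos() guard is needed.
        $values[] = "'" . str_replace("'", "''", (string) $v) . "'";
    }

    $field = implode(',', $fields);
    $value = implode(',', $values);
    $sql = "insert into {$table} ({$field}) values ({$value});";

    $res = $this->query($sql , false);
    if (true === $res) {
        return $this->empire->lastid();
    }

    return false;
}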