你有两个问题。
- You copied the value of the long text into your query (presumably an INSERT or UPDATE statement, though it could simply be the value to compare with in a SELECT).
- You did not notice that the first unescaped single quote after the opening quote terminates the string.
鉴于你正在使用我的SQL,我认为你有两个选择:
标准(适用于大多数甚至全部的房舍管理事务):使用两种连续的单一报价插入一个:
-- Insert a string consisting of one single quote
He said, "Don t do that!" -- A string containing a single quote
MySQL(也可作为别处的选择,但并非所有的房舍管理处都承认这一选择):使用斜坡来逃避单一报价:
-- As above
He said, "Don t do that!" -- Also as above
There may also be functions you can use to do the escaping for you - depending on the host language you are using. However, the preferred way to get values into an SQL statement, especially ones that might contain random characters, is to use placeholders. The mechanics depend on the host language in which you are embedding the SQL, but the general idea is:
- The raw SQL string looks like:
INSERT INTO SomeTable VALUES(?, ?, ?);
- You PREPARE the statement, more or less explicitly.
- When you execute it, you provide the data as parameters to the EXECUTE.
- Or, if it is a SELECT statement, you PREPARE it, you DECLARE a cursor for it, then you OPEN the cursor and provide the parameter values at that time.
用一种语言(IBM Informix 4GL):
DEFINE a INTEGER, b DECIMAL(10,2), c VARCHAR(250)
LET a = 1
LET b = 99999999.99
LET c = He said, "Don t do that!"
PREPARE p1 FROM "INSERT INTO SomeTable(a,b,c) VALUES(?, ?, ?)"
EXECUTE p1 USING a, b, c
PREPARE p2 FROM "SELECT * FROM SomeTable WHERE c = ?"
DECLARE c2 CURSOR FOR p2
OPEN c2 USING c
请注意,如果您不使用地籍,就必须非常谨慎,不要落到。
