Question
This is my code
return $this->db
->select('organization')
->like('title',$this->db->escape_str($query))
->or_like('description',$this->db->escape_str($query))
->get('shop_search')
->num_rows();
Everything works well until there is a ' and NOT " in the $query.
The error is: $query="d'"
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%' OR `description` LIKE '%d\\\\\\'%'' at line 3
SELECT `organization` FROM `default_shop_search` WHERE `title` LIKE '%d\\\\\\'%' OR `description` LIKE '%d\\\\\\'%'
What am I missing here?
Dump of passed query:
Debug #1 of 1: string(2) "d'"
Answer 1:
You don't need to manually escape the parameter while you're using the CI Active Record Class; just remove the $this->db->escape_str() method:
return $this->db
->select('organization')
->like('title', $query)
->or_like('description', $query)
->get('shop_search')
->num_rows();
From the CI User Guide:
$this->db->like()
Note: All values passed to this method are escaped automatically.
Update
Okay, here's my test-case:
$query = "e'";
$res = $this->db
->select()
->like('title', $query)
->or_like('description', $query)
->get('shop_search')
->num_rows();
var_dump($this->db->last_query());
// Output: string(96) "SELECT * FROM (`myPrefix_shop_search`) WHERE `title` LIKE '%e\'%' OR `description` LIKE '%e\'%'"
var_dump($res);
// Output: int(1)
As I expected, AR added only one backslash to escape the $query. I ran this test on CI v2.1.4.
Please revise your logic, and if you don't find anything wrong, share more necessary code, I'm all ears.
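Added example, not part of the original answer: a small scanner that shows where MySQL ends each single-quoted literal in the failing statement from the question and in the working statement from the test case above. It assumes MySQL's default backslash escapes (sql_mode without NO_BACKSLASH_ESCAPES); the function name scan_literals is hypothetical, and both statements are copied as printed on this page.

```php
<?php
// Added example (not from the posts above). Assumes MySQL's default
// backslash escapes, i.e. sql_mode without NO_BACKSLASH_ESCAPES.

/** Split out the single-quoted literals MySQL would see in $sql. */
function scan_literals(string $sql): array
{
    $literals = [];
    $start = null;                 // offset of the opening quote, null when outside
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        $c = $sql[$i];
        if ($start === null) {
            if ($c === "'") {
                $start = $i;
            }
        } elseif ($c === '\\') {
            $i++;                  // a backslash consumes the next byte, quote or not
        } elseif ($c === "'") {
            if ($i + 1 < $len && $sql[$i + 1] === "'") {
                $i++;              // '' inside a literal is an escaped quote
            } else {
                $literals[] = substr($sql, $start, $i - $start + 1);
                $start = null;
            }
        }
    }
    $tail = $start === null ? null : substr($sql, $start);
    return ['literals' => $literals, 'unterminated' => $tail];
}

// Statements copied as printed on this page (nowdoc keeps every backslash).
$failing = <<<'SQL'
SELECT `organization` FROM `default_shop_search` WHERE `title` LIKE '%d\\\\\\'%' OR `description` LIKE '%d\\\\\\'%'
SQL;
$working = <<<'SQL'
SELECT * FROM (`myPrefix_shop_search`) WHERE `title` LIKE '%e\'%' OR `description` LIKE '%e\'%'
SQL;

foreach (['failing' => $failing, 'working' => $working] as $name => $sql) {
    $r = scan_literals($sql);
    echo $name, ":\n";
    foreach ($r['literals'] as $lit) {
        echo "  literal: ", $lit, "\n";
    }
    echo "  unterminated: ", $r['unterminated'] ?? '(none)', "\n";
}
```

In the failing statement the backslashes before the quote pair up and escape each other, so the quote closes the literal right before `%' OR`, which is where the MySQL error message starts its "near" excerpt. In the working statement the single backslash escapes the quote and each LIKE pattern stays one literal.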
Answer 2:
Use
$query = mysql_real_escape_string($query);
return $this->db
->select('organization')
->like('title',$query)
->or_like('description',$query)
->get('shop_search')
->num_rows();
Source: https://stackoverflow.com/questions/18417441/getting-mysql-syntax-error-using-codeigniter-like-active-record