How to escape a single quote

只谈情不闲聊 submitted on 2019-12-13 05:43:48

Question


I'm using the pg_query_params function to add values in my table vmobjects in my addvm.php page.

$query = "INSERT INTO vmobjects(guid, ipaddress, username, password, hostid, vmname, guestostype) VALUES($1, $2, $3, $4, $5, $6, $7)";
$result = pg_query_params($conn, $query, array($guid, $ip, $username, $password, $hostid, $name, strtolower($os)));

Now I'm using pg_fetch_array to fetch the row into an array.

I'm using this query:

$query = "select vmname, guid, hostid, guestosname from vmobjects";

AddLog("infrastructure.php", "Query: ".$query, ERR_DEBUG_LOW);
$result = pg_query($conn, $query);
$no_records = pg_num_rows($result);
$j = $no_records;
$i = 0;
while($row = pg_fetch_array($result))
{
    if($row[3] == "")
    {
        $vmobj_Array[$i] = $row[0] . '***' . $row[1] . '***' . $row[2];
    }
    else
    {
        $vmobj_Array[$i] = $row[0] . ' ( ' . $row[3] . ' )' . '***' . $row[1] . '***' . $row[2];
    }
    $i++;
}

But it is working only for a simple string like james, helton, discovere, not for j'ames, h'elton, d'iscovere.

Actually I want to fetch the row in both formats.


Answer 1:


As per how to encode single quotes, htmlentities($str, ENT_QUOTES); or htmlspecialchars($str, ENT_QUOTES); should do the trick where $str should be replaced by the variable or string you want to escape (e.g., $row[0]). If you just want to add it, all you need to do is add it: print "Here's an apostrophe '";




Answer 2:


Try using this to fetch the values to get both:

while($row = pg_fetch_array($result, null, PGSQL_BOTH)){

Also, your queries are different: in the INSERT you are inserting guestostype, but you are selecting guestosname in the SELECT. I'm guessing your query is simply not returning any values because you are asking for a row that doesn't exist, but verify with psql that all the data is in the table.




Answer 3:


I wrote a test program which appears to be more or less a program which executes the key functionality described above. It seems to work just fine. Can you explain how your program differs from this test program or provide a test program of your own?

<?php
$conn = pg_connect("host=localhost");
$result = pg_exec($conn,"drop table tvmobjects cascade;");
$result = pg_exec($conn,"create table tvmobjects (guid text not null, ipaddress text not null, username text not null, password text, hostid text not null, vmname text not null, guestostype text, guestosname text);");

function add_user($conn,$guid,$ip,$username,$password,$hostid,$name,$os)
{
  $query = "INSERT INTO tvmobjects(guid,ipaddress,username,password,hostid,vmname,guestostype) VALUES($1, $2, $3, $4, $5, $6, $7)";
  $result = pg_query_params($conn,$query,array($guid,$ip,$username,$password,$hostid,$name,strtolower($os)));
  $no_records=pg_num_rows($result);
  echo "Got $no_records in insert of $username\n";
}

add_user($conn,"james","1.2.3.4","james","semaj", "jamesid", "jamesvm", "jamesostype");
add_user($conn,"j'ames","1.2.3.5","j'ames","semaj", "j'amesid", "j'amesvm", "j'amesostype");

$query= "select vmname,guid,hostid,guestosname from tvmobjects";
$result = pg_query($conn,$query);
$no_records=pg_num_rows($result);
$j=$no_records;
$i=0;
while($row = pg_fetch_array($result))
{
  if ($row[3]=="")
  {
    echo $row[0].'***'.$row[1].'***'.$row[2]."\n";
  }
  else
  {
    echo $row[0].' ( '.$row[3].' )'.'***'.$row[1].'***'.$row[2]."\n";
  }
  $i++;
}
?>

Running this for me generates:

Got 0 in insert of james
Got 0 in insert of j'ames
jamesvm***james***jamesid
j'amesvm***j'ames***j'amesid

As previously pointed out, you are not inserting guestosname when you insert the record, so likewise the output shown here doesn't have the (guestosname) annotation. But the insert and select seem to work like a champ, so it is not clear what is wrong.




Answer 4:


Use this:

while($row = pg_fetch_array($result))
{
    if($row[3] == "")
    {
        $vmobj_Array[$i] = htmlentities($row[0], ENT_QUOTES) . "***" . $row[1] . "***" . $row[2];
    }
    else
    {
        // Keep the guest OS name annotation from the else branch in the question
        $vmobj_Array[$i] = htmlentities($row[0], ENT_QUOTES) . ' ( ' . $row[3] . ' )' . "***" . $row[1] . "***" . $row[2];
    }
    $i++;
}
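
The following is an added example, not code from the question or from any of the answers. It shows why the ENT_QUOTES flag matters when a value containing an apostrophe is written into HTML: pg_query_params already handles the quote on the SQL side, so the encoding is needed only at output. Assumptions: the rows are constructed sample data standing in for pg_fetch_array() results, the record is emitted into a single-quoted HTML attribute (the page does not say where it is used), and vm_record() and html_attr() are hypothetical helper names.

```php
<?php
// Constructed sample rows: vmname, guid, hostid, guestosname.
$rows = [
    ["jamesvm",  "james",  "jamesid",  ""],
    ["j'amesvm", "j'ames", "j'amesid", "Linux"],
];

// Build the "vmname ( guestosname )***guid***hostid" record used on the page.
function vm_record(array $row): string
{
    $label = $row[3] === "" ? $row[0] : $row[0] . ' ( ' . $row[3] . ' )';
    return $label . '***' . $row[1] . '***' . $row[2];
}

// Encode a value for an HTML context (hypothetical helper).
// ENT_QUOTES converts both ' and "; ENT_COMPAT, the default flag
// before PHP 8.1, converts " but leaves ' untouched.
function html_attr(string $value, int $flags = ENT_QUOTES): string
{
    return htmlspecialchars($value, $flags | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($rows as $row) {
    // Encode the whole record, not only the first column: guid and
    // hostid can contain an apostrophe as well.
    $record = vm_record($row);

    // Weak setting: a raw apostrophe ends the single-quoted attribute early.
    echo "ENT_COMPAT: <option value='" . html_attr($record, ENT_COMPAT) . "'>\n";

    // Corrected setting: each apostrophe becomes &#039; and the attribute stays intact.
    echo "ENT_QUOTES: <option value='" . html_attr($record, ENT_QUOTES) . "'>\n";
}
```

The database row itself is stored and returned unchanged; only the copy written into the page is encoded.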


Source: https://stackoverflow.com/questions/6058523/how-to-escape-a-single-quote
