时间戳

首页 > 解决方案 > SQL QUESTION - Difference between using special characters with '' or with "" in a query in PHP

php - SQL QUESTION - Difference between using special characters with '' or with "" in a query in PHP

问题描述

In this php function I'm doing a query to tables that the name contain special characters like $ so in php If I use "" in the query the application thinks that the table name is a variable so it returns Variable not found.

Exemple 1:

$SQL = "SELECT COUNT(*)
        FROM [table_name$1] 
        left join [table_name$2] as d on [Code] = d.[Code]
        where d.[Dimension Code] = 'NAT'
        and [Request Code] not like 'AC%'";

But if I use '' in the query he thinks that everything inside "" is a column so it returns Invalide column Name in this case NAT

Exemple 2:

$SQL = 'SELECT COUNT(*)
        FROM [table_name$1] 
        left join [table_name$2] as d on [Code] = d.[Code]
        where d.[Dimension Code] = "NATUREZA FUNC"
        and [Request Code] not like "AC%"';

Best way to escape this problem? I now you can use mysql_real_escape_string to escape them but there´s a lot of tables. I would like to now if it exists a more efficient way

标签: phpsqlspecial-characters

解决方案

That is a really unclear database naming convention. Have you tried to use backticks ( ` ) to surround table references. See: When to use single quotes, double quotes, and backticks in MySQL

Also using prepared statements might be a better option.

推荐阅读