0
我的脚本想用双引号替换或删除单引号 str_replace(rtrim(c_manager),〜s/\'/ \'\'/ g)此行无法工作出..Perl将单引号替换为双引号字符串
例子:k'amal
结果:。K“阿迈勒或卡迈勒
$sql = 'select rtrim(f_admin_disabled),'."\n".
' convert(varchar,t_password,101),'."\n".
' rtrim(c_email),'."\n".
' str_replace(rtrim(c_manager),~s/\'/\'\'/g),'."\n".
' rtrim(c_mgr_email)'."\n".
' from tuserprofile'."\n".
' where ic_user1 = '."'$user_id'"."\n";
$sth = $dbh->prepare("$sql")
or err("Database error in $sql", "Error preparing SQL statement:\r\n\n" . $dbh->errstr, 3);
$sth->execute or err("Database error in $sql", "Error executing SQL statement:\r\n\n" . $dbh->errstr, 3);
$sth->bind_columns(\$prev_status, \$prev_date, \$prev_email, \$prev_mngr_name, \$prev_mngr_email);
$sth->fetch();
$sth->finish();
if($user_email ne $prev_email){
$sql = 'declare @result int'."\n".
'exec @result = ap_recert_update '."'$user_id', '$prev_date', ".
"'$prev_status', '$user_email', ".
"'$prev_mngr_name', '$prev_mngr_email' "."\n".
'SELECT @result'."\n";
$sth = $dbh->prepare("$sql")
or err("Database error in $sql", "Error preparing SQL statement:\r\n\n" . $dbh->errstr, 3);
$sth->execute or err("Database error in $sql", "Error executing SQL statement:\r\n\n" . $dbh->errstr, 3);
$sth->bind_columns(\$result);
$sth->fetch();
if($result < 0){
err("", $user_id."\t".$result, 0);
$problem = $problem.$user_id."\t".$result."\n";
}
$sth->finish();
}
}
}
我认真希望你没有使用那种SQL的在生产中注射诱饵 – user3243135