PHP SQL更新查询失败

Question

我试图运行PHP这个SQL查询：

UPDATE 
    billing_calldata 
SET 
    status = 'c', 
    customer = '475', 
    description = 'UK Mobile VMNO C&W (fw7-C&W)', 
    customer_cost = '0.00720416666666667', 
    customer_ac = '0', 
    customer_sc = '0', 
    reseller_cost = '0', 
    reseller_ac = '0', 
    reseller_sc = '0' 

WHERE 序列= 10364723

，但它返回这个错误：

UPDATE 
    billing_calldata 
SET 
    status = 'c', 
    customer = '475', 
    description = 'UK Mobile VMNO CYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''UK Mobile VMNO C' at line 1 

的description是UK Mobile VMNO C&W (fw7-C&W)

但是q uery做工精细直接phpMyAdmin

查询是从我的vb.net应用的业务：

if($_POST["apikey"] <> '' and $_POST["apikey"] == '1nt3gr4' and $_POST["submittedSQL"] <> '') { 
    $sql = $_POST["submittedSQL"]; 
    mysql_query($sql, $conn) or die(mysql_error()); 
} 

：

SQL = "UPDATE billing_calldata SET " _ 
         & "status = 'c', " _ 
         & "customer = '" & customer_sequence & "', " _ 
         & "description = '" & description & "', " _ 
         & "customer_cost = '" & customer_cost & "', " _ 
         & "customer_ac = '" & customer_ac & "', " _ 
         & "customer_sc = '" & customer_sc & "', " _ 
         & "reseller_cost = '" & reseller_cost & "', " _ 
         & "reseller_ac = '" & reseller_ac & "', " _ 
         & "reseller_sc = '" & reseller_sc & "' " _ 
         & "WHERE sequence = " & sequence & " " 
        SQL = "apikey=1nt3gr4&submittedSQL=" + SQL 

然后我在POST请求的PHP页面，其中包含以下发送此

Answer 1

与real_escape_string逃离特殊字符：

$description = $mysqli->real_escape_string($description); 

然后在UPDATE中使用$description。