Problem inserting a block of web page script into a MySQL database?

麻烦的一笔 2011-04-07 01:31:37

<script type="text/javascript">

var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-22266712-1']);
_gaq.push(['_trackPageview']);

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? ' https://ssl' : ' http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

</script>

Inserting this whole script into MySQL gives the following error:
You have an error in your sql syntax: check the manual that corresponds to Your MySql server version for the right syntax to use near ' desc, keyward title values('<script type="text/javascript">)
var _gaq = ' at line 1

How should this problem be solved?
lfkcn 2011-04-14
Could it be caused by escape characters?

If magic_quotes_gpc in php.ini is set to off, PHP will not add a backslash (\) before sensitive characters.
麻烦的一笔 2011-04-14
Right, inserting it this way in MySQL itself works fine, but in the .NET program there is a problem. So frustrating~~
kaifadi 2011-04-14
[Quote=Quoting reply #9 by qwe8254:]

Just tried it; the code above works once it is escaped, see:
SQL code
insert into test1(title,counts) values('aaa','<script type=\"text/javascript\">
var _gaq = _gaq || [];
_gaq.push([\'_setAccount\', \'UA-22581801-1\']);
_gaq.push……
[/Quote]
What you did amounts to adding escaping; the PHP counterpart is addslashes. I don't know how it is handled in .NET!
麻烦的一笔 2011-04-09
Bump. Could everyone please try inserting this insert statement into a MySQL database and help me solve the problem?
麻烦的一笔 2011-04-09
Just tried it; the code above works once it is escaped, see:
insert into test1(title,counts) values('aaa','<script type=\"text/javascript\">
var _gaq = _gaq || [];
_gaq.push([\'_setAccount\', \'UA-22581801-1\']);
_gaq.push([\'_trackPageview\']);

(function() {
var ga = document.createElement(\'script\'); ga.type = \'text/javascript\'; ga.async = true;
ga.src = (\'https:\' == document.location.protocol ? \' https://ssl\' : \' http://www\') + \'.google-analytics.com/ga.js\';
var s = document.getElementsByTagName(\'script\')[0]; s.parentNode.insertBefore(ga, s);
})();

</script>');

Adding a backslash before each single quote solves the failed insert, but how should the escaping be done in the program?
麻烦的一笔 2011-04-09
Even a single direct insert statement doesn't work. How can this be solved?
insert into test1(title,counts) values('aaa','<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-22581801-1']);
_gaq.push(['_trackPageview']);

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? ' https://ssl' : ' http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

</script>');
麻烦的一笔 2011-04-09
I'm using ASP.NET. How should the data be processed before inserting it into MySQL?
LuciferStar 2011-04-09
Process the script before storing it: htmlspecialchars
麻烦的一笔 2011-04-09
Everyone who bumps this thread gets points!!!
麻烦的一笔 2011-04-07
Executed directly in the mysql command line:
insert into rp_index_info(title,keywords,desc,count)
values('aaa','bbb','ccc','<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-22581801-1']);
_gaq.push(['_trackPageview']);

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? ' https://ssl' : ' http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

</script>');
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,count)
values('aaa','bbb','ccc','<script type="text/javascript">
var _g' at line 1
子夜__ 2011-04-07
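The SQL generated for the insert has a syntax error; it is a problem with tags such as <script type="text/javascript">.

When inserting, the HTML special tags need to be replaced.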

/// <summary>
/// Replace characters when inserting into SQL
/// </summary>
/// <param name="str"></param>
/// <returns></returns>
public static string Encode(string str)
{
    str = str.Replace("'", "''");
    str = str.Replace("\"", "&quot;");
    str = str.Replace("<", "&lt;");
    str = str.Replace(">", "&gt;");
    str = str.Replace("\n", "<br>");
    str = str.Replace("“", "&ldquo;");
    str = str.Replace("”", "&rdquo;");
    return str;
}

/// <summary>
/// Restore characters when reading values from SQL
/// </summary>
/// <param name="str"></param>
/// <returns></returns>
public static string Decode(string str)
{
    str = str.Replace("&rdquo;", "”");
    str = str.Replace("&ldquo;", "“");
    str = str.Replace("<br>", "\n");
    str = str.Replace("&gt;", ">");
    str = str.Replace("&lt;", "<");
    str = str.Replace("&quot;", "\"");
    str = str.Replace("''", "'");
    return str;
}


Use this to do the replacement.

Or strip the HTML tags.

// Requires: using System.Text.RegularExpressions; using System.Web;
/// <summary>
/// Strip HTML markup
/// </summary>
/// <param name="Htmlstring"></param>
/// <returns></returns>
public static string NoHTML(string Htmlstring) // replace HTML markup
{
    // Remove scripts (Singleline lets "." match the line breaks inside a script body)
    Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase | RegexOptions.Singleline);
    // Remove HTML
    Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"<img[^>]*>;", "", RegexOptions.IgnoreCase);
    // string.Replace returns a new string, so the result has to be assigned back
    Htmlstring = Htmlstring.Replace("<", "");
    Htmlstring = Htmlstring.Replace(">", "");
    Htmlstring = Htmlstring.Replace("\r\n", "");
    Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();
    return Htmlstring;
}
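
For the ASP.NET case asked about in this thread, an added example (not code from any poster): the script is bound as a query parameter instead of being escaped by hand, and the column names are backtick-quoted, since `desc` is a MySQL reserved word and both error messages quoted above break off at `desc`. It assumes the MySql.Data (Connector/NET) package and a text-typed `count` column; the connection string and the `ScriptStore` class are hypothetical, while the table and column names come from the post above.

```csharp
using System;
using MySql.Data.MySqlClient; // assumption: MySql.Data (Connector/NET) is referenced

static class ScriptStore // hypothetical helper class for this example
{
    // Placeholder connection string: substitute your own server and credentials.
    const string ConnStr = "Server=localhost;Database=test;Uid=app_user;Pwd=CHANGE_ME;";

    // `desc` is a reserved word in MySQL, so the column names are backtick-quoted.
    const string InsertSql =
        "INSERT INTO rp_index_info (`title`, `keywords`, `desc`, `count`) " +
        "VALUES (@title, @keywords, @desc, @count)";
    const string SelectSql =
        "SELECT `count` FROM rp_index_info WHERE `title` = @title LIMIT 1";

    public static int Save(string title, string keywords, string desc, string script)
    {
        using (var conn = new MySqlConnection(ConnStr))
        using (var cmd = new MySqlCommand(InsertSql, conn))
        {
            // Values travel as bound parameters, never as part of the SQL text,
            // so quotes and newlines in the script need no manual escaping.
            cmd.Parameters.AddWithValue("@title", title);
            cmd.Parameters.AddWithValue("@keywords", keywords);
            cmd.Parameters.AddWithValue("@desc", desc);
            cmd.Parameters.AddWithValue("@count", script);
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows inserted
        }
    }

    public static string Load(string title)
    {
        using (var conn = new MySqlConnection(ConnStr))
        using (var cmd = new MySqlCommand(SelectSql, conn))
        {
            cmd.Parameters.AddWithValue("@title", title);
            conn.Open();
            return cmd.ExecuteScalar() as string; // assumes a text-typed column
        }
    }

    static void Main()
    {
        // Constructed sample input with both quote styles and line breaks.
        string script = "<script type=\"text/javascript\">\n" +
            "var _gaq = _gaq || [];\n_gaq.push(['_trackPageview']);\n</script>";
        Save("aaa", "bbb", "ccc", script);
        Console.WriteLine(Load("aaa") == script ? "stored unchanged" : "MISMATCH");
    }
}
```

With bound parameters the value is stored byte for byte, so any HTML encoding is applied where the stored value is written into a page rather than before the insert.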


dalmeeme 2011-04-07
What does the insert code look like? Is the string in a file, or written directly in the .cs file?
