Paul M

Reputation: 4157

Escaping a string being inserted into MySQL

I have tried all combinations of single quotes, double quotes, etc., but the following code keeps erroring with an SQL syntax error. The en and cy are paragraphs of text. I think I must be missing something obvious but I can't see it. Any suggestions?

$insert_dana = mysql_query("UPDATE Contributor (Summary_en,Summary_cy) VALUES ('" . mysql_real_escape_string($insert['en'][0]) . "','" . mysql_real_escape_string($insert['cy'][0]) . "') WHERE id='$insert[id]'");

Upvotes: 1

Views: 95

Answers (2)

oezi

Reputation: 51797

You're confusing the UPDATE and the INSERT syntax. For UPDATE, it's like:

UPDATE
  table
SET
  field = 'value'
WHERE
  ...

while an INSERT looks like:

INSERT INTO
  table
  (field) 
VALUES
  ('value')

You can't write an UPDATE with the (field) VALUES ('value') syntax.

Upvotes: 1

juergen d

Reputation: 204746

You mixed INSERT and UPDATE statement syntax. Use this one:

$insert_dana = mysql_query("UPDATE Contributor set Summary_en = '" . mysql_real_escape_string($insert['en'][0]) . "', Summary_cy = '" . mysql_real_escape_string($insert['cy'][0]) . "' WHERE id='$insert[id]'");

Upvotes: 2
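
Added example, not part of either answer: the same UPDATE written as a PDO prepared statement, so the two paragraphs and the id (interpolated into the SQL string without escaping in the code above) are bound as parameters. The in-memory SQLite database, the sample rows, the integer id and the function name updateSummaries are assumptions made so the example runs offline; against MySQL only the DSN changes.

```php
<?php
// Added example: table contents and input values below are constructed.
function updateSummaries(PDO $db, array $insert): int
{
    // Assumption: id is an integer key. Reject anything else up front.
    $id = filter_var($insert['id'], FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // Placeholders keep the data out of the SQL text, so quotes in the
    // paragraphs cannot break the statement or change its meaning.
    $stmt = $db->prepare(
        'UPDATE Contributor SET Summary_en = :en, Summary_cy = :cy WHERE id = :id'
    );
    $stmt->bindValue(':en', $insert['en'][0], PDO::PARAM_STR);
    $stmt->bindValue(':cy', $insert['cy'][0], PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// In-memory SQLite stands in for MySQL so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Contributor
    (id INTEGER PRIMARY KEY, Summary_en TEXT, Summary_cy TEXT)');
$db->exec("INSERT INTO Contributor VALUES (1, '', ''), (2, 'keep', 'cadw')");
$insert = [
    'id' => '1',
    'en' => ["It's a paragraph with 'single' and \"double\" quotes."],
    'cy' => ["Mae'n baragraff gyda dyfynodau."],
];
$changed = updateSummaries($db, $insert);
$rows = $db->query('SELECT id, Summary_en, Summary_cy FROM Contributor ORDER BY id')
           ->fetchAll(PDO::FETCH_ASSOC);

// Row 1 holds the text byte for byte; row 2 is untouched.
if ($changed !== 1 || $rows[0]['Summary_en'] !== $insert['en'][0]
    || $rows[0]['Summary_cy'] !== $insert['cy'][0] || $rows[1]['Summary_en'] !== 'keep') {
    throw new RuntimeException('unexpected table contents');
}

// An id that is not a plain integer never reaches the database.
try {
    updateSummaries($db, ['id' => '1 OR 1=1'] + $insert);
    throw new RuntimeException('non-integer id was accepted');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

With the MySQL driver, rowCount() by default reports 0 when the new values equal the stored ones, so read it as rows changed rather than rows matched.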
