Freddy

Reputation: 1

Cannot save data containing apostrophe to MySQL database

I'm having an issue when I try to submit data containing an apostrophe: it won't let me save it into the database.

com0 is my form field.

$ucom0= mysqli_real_escape_string($_POST['com0']);

$AddQuery = "INSERT INTO database(feed1,comp1) VALUES ('".$ucom0."','".$uincrease0."')"; 

and here is the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's

Upvotes: 0

Views: 1343

Answers (1)

MatthewMcGovern

Reputation: 3496

Data with an apostrophe will close the SQL statement prematurely. This is bad and can be open to SQL Injection. You should really use prepared statements. However, mysqli_real_escape_string can be used.

But the reason this doesn't work is that mysqli_real_escape_string requires two parameters when you call it procedurally like you are (unlike the deprecated mysql_real_escape_string()):

$ucom0= mysqli_real_escape_string($link, $_POST['com0']);

Where $link is the variable returned from when you connected to the database:

$link = mysqli_connect("databasehost", "username", "password", "database");

This will be different if you are using object-based mysqli to connect:

$mysqli = new mysqli("databasehost", "username", "password", "database");
$ucom0 = $mysqli->real_escape_string($_POST['com0']);

Upvotes: 3
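
The prepared-statement approach the answer recommends, as an added example that is not part of the original answer. The helper name `save_comment`, the `increase0` field name and the sample comment are assumptions; the connection values are the answer's placeholders and the table and column names come from the question.

```php
<?php
// Added example, not code from the original post.
// Throw exceptions on mysqli errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Placeholder connection values, as used in the answer above.
$mysqli = new mysqli("databasehost", "username", "password", "database");
$mysqli->set_charset("utf8mb4");

/**
 * Insert one row with a prepared statement (hypothetical helper).
 * The values travel separately from the SQL text, so an apostrophe
 * in $feed or $comp cannot terminate the string literal.
 */
function save_comment(mysqli $db, string $feed, string $comp): int
{
    // `database` is the table name from the question; it is backtick-quoted
    // because DATABASE is a reserved word in MySQL.
    $stmt = $db->prepare("INSERT INTO `database` (feed1, comp1) VALUES (?, ?)");
    $stmt->bind_param("ss", $feed, $comp); // "ss" = two string parameters
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Constructed sample input with apostrophes, used when no form was posted.
$ucom0 = $_POST['com0'] ?? "It's the customer's comment";
// Assumption: the post does not show where $uincrease0 comes from.
$uincrease0 = $_POST['increase0'] ?? "5";

echo save_comment($mysqli, $ucom0, $uincrease0), " row inserted\n";
```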
