Reputation: 734
Insert Strings that contain " ` " or " ' " to the database table - Php
I have to insert some strings to my database.
The problem is that every time I use " ` " or " ' " it causes errors in the Sql.
For ex, when someone types "that's great" , it just messes everything up.
How can I solve this?
Thanks!
Upvotes: 0
Views: 2225
Answers (3)
Reputation: 626
Use the real escape string function. Actually, MySQL prevents ' or ` from entering the system in order to prevent SQL Injection attacks.
Function Syntax: mysql_real_escape_string($your_string)
Upvotes: 2
Reputation: 13972
Use a prepared/parameterized query.
Manual: http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
Upvotes: 1
Reputation:
Use the mysqli escape string function:https://www.php.net/manual/en/mysqli.real-escape-string.php (you shouldn't be using the mysql functions as they are depreciated) https://www.php.net/manual/en/function.mysql-real-escape-string.php
Upvotes: 1
Related Questions
- Inserting data using PHP into mysql when it contains a '
- Mysql PHP insert with quotes and double quotes
- Inserting a name with ' in a MySQL table
- Escape strings/ inserting in php script
- PHP + Mysql : How to insert data having , " ' (Semicolon, Single + Double Quotation Marks)
- Insert strings with apostrophes into database by php
- php mysql escaping characters in INSERT statement
- string value contains (') in the insert statement.
- MySQL does not let me insert my values that contain single quotes ( ' )
- How to insert a string that contains quote marks into a database?