Reputation: 194
Sometimes it sucks when you have these ; " ' (semicolon, single and double quotation marks) everywhere in a string.
The question is simple: what is the easiest way to send those strings into the database?
base64_encode();
base64_decode();
// Is not an option. I need to keep the data just the same as it is.
Upvotes: 0
Views: 2719
Reputation: 1484
PDO statements are the best solution to your problem of executing SQL queries against your database with values that have single/double quotation marks... but more importantly, PDO statements help prevent SQL injection.
To show you how this works, this very simple example gives you a basic understanding of how PDO statements work. All this example does is make the connection to the database and insert the username, email and password into the users table.
<?php
// START ESTABLISHING CONNECTION...
$dsn = 'mysql:host=host_name_here;dbname=db_name_here';
//DB username
$uname = 'username_here';
//DB password
$pass = 'password_here';
try
{
    $db = new PDO($dsn, $uname, $pass);
    // Throw a PDOException on any database error so the catch block below actually sees it
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use real server-side prepared statements instead of client-side emulation
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    // Suppress PHP warnings/notices on the page (log them instead in production)
    error_reporting(0);
} catch (PDOException $ex)
{
    // The message can contain the host name and DB username; log it rather than echoing it on a public site
    echo "Database error: " . $ex->getMessage();
}
// END ESTABLISHING CONNECTION - CONNECTION IS MADE.
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
// Never store the plain-text password; PASSWORD_DEFAULT is currently bcrypt
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
//Validation on inputs here...
// Your SQL query... here is a sample one. The :name placeholders are bound below, so
// quotes and semicolons in the values never become part of the SQL text.
$query = "INSERT INTO users (userName, email, password) VALUES (:userName, :email, :password)";
$statement = $db->prepare($query);
// The values you wish to put in.
$statementInputs = array("userName" => $username, "email" => $email, "password" => $hashed_password);
$statement->execute($statementInputs);
$statement->closeCursor();
?>
You could put the connection-establishing part in a separate file and require_once that file to avoid having to write the same code again and again to establish a connection to your database.
Upvotes: 1
Reputation: 508
Use mysqli_real_escape_string
$someText = mysqli_real_escape_string($con, "It's a test.");
where $con is your database connection variable.
Upvotes: 1
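The two answers above take different routes to the same goal: binding the value as a parameter (first answer) or escaping it before splicing it into the SQL text (second answer). The script below is an added example, not code from either answer; it runs both approaches against the question's kind of string so you can see what each one does and where escaping stops helping. It assumes PHP with the pdo_sqlite extension: an in-memory SQLite database stands in for the MySQL server so it runs offline, and escapeForSqlite() is a hypothetical stand-in for mysqli_real_escape_string(), which needs a live MySQL connection. The prepared-statement part behaves the same with the MySQL DSN used in the first answer.

```php
<?php
// Added example; not the code from either answer above.
// Assumptions: PHP with pdo_sqlite; an in-memory SQLite database replaces the MySQL
// server, and escapeForSqlite() is a hypothetical stand-in for
// mysqli_real_escape_string(), which requires a live MySQL connection.
declare(strict_types=1);

// Constructed sample input with the characters the question complains about.
const TRICKY = 'Bob\'s "quoted" name; DROP TABLE users; --';

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, userName TEXT NOT NULL, email TEXT NOT NULL)');
    return $db;
}

// 1. Prepared statement (first answer): the value travels separately from the SQL
//    text, so quotes and semicolons in it are plain data and are stored verbatim.
function insertBound(PDO $db, string $name, string $email): int
{
    $stmt = $db->prepare('INSERT INTO users (userName, email) VALUES (:userName, :email)');
    $stmt->execute(['userName' => $name, 'email' => $email]);
    return (int) $db->lastInsertId();
}

function fetchName(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT userName FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// 2. String interpolation (what the question is struggling with): the apostrophe in
//    the value closes the literal early. Returns the database error message, or null
//    if the insert unexpectedly succeeded.
function insertInterpolated(PDO $db, string $name, string $email): ?string
{
    try {
        $db->exec("INSERT INTO users (userName, email) VALUES ('$name', '$email')");
        return null;
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

// 3. Escaping (second answer): SQLite escapes a single quote by doubling it.
//    Hypothetical helper standing in for mysqli_real_escape_string().
function escapeForSqlite(string $value): string
{
    return str_replace("'", "''", $value);
}

// Escaping works when the escaped value is placed inside a quoted literal...
function countByNameEscaped(PDO $db, string $name): int
{
    $sql = "SELECT COUNT(*) FROM users WHERE userName = '" . escapeForSqlite($name) . "'";
    return (int) $db->query($sql)->fetchColumn();
}

// ...but not in an unquoted (numeric) context: there is no quote to escape, so an
// input such as "1 OR 1=1" is spliced into the query as-is and matches every row.
function countByIdEscaped(PDO $db, string $id): int
{
    $sql = 'SELECT COUNT(*) FROM users WHERE id = ' . escapeForSqlite($id);
    return (int) $db->query($sql)->fetchColumn();
}

$db = openDb();
$bobId = insertBound($db, TRICKY, 'bob@example.com');
insertBound($db, 'alice', 'alice@example.com');

var_dump(fetchName($db, $bobId) === TRICKY);                // does the bound value round-trip unchanged?
var_dump(insertInterpolated($db, TRICKY, 'x@example.com'));  // error caused by the stray quote
var_dump(countByNameEscaped($db, TRICKY));                  // rows whose name equals TRICKY
var_dump(countByIdEscaped($db, '1 OR 1=1'));                // rows matched once the condition is injected
```

The bound insert stores the string exactly as given and reads it back unchanged, which is what the question asks for. The interpolated insert fails with a syntax error because the apostrophe in Bob's name ends the literal. The escaped comparison works only because the value sits between quotes; the last query shows the limit of the escaping approach, which is why the usual advice is to bind every user-supplied value (with PDO::PARAM_INT for numeric columns, as in fetchName) rather than escape it.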