RE: [PHP] inserting ´ in a db

You need to escape the single quote; an easy way to do this is to run the
text through the addslashes() filter.  Obviously you can't run your entire
query through the filter because most of your quotes need to be
identified by the db.  Here is what I do.

$query = "insert table1(col1, col2, col3) values("
        .sprintf("%01d",$intval).", \"".addslashes($stringvalue)."\", "
        ._CONSTANTINTVALUE.") ";

Addslashes makes other troublesome values become harmless as well and can be
used to prevent SQL injection hacks.  If someone injects a SQL query into
your data it will not be processed, but will be stored in the DB string
variable.  Of course, in this case you need to be careful that if you copy the
table contents you don't then execute the embedded query.

Hope this helps,

Warren Vail

-----Original Message-----
From: Yamil Ortega [mailto:jiuman@xxxxxxxxx] 
Sent: Wednesday, October 03, 2007 7:45 PM
To: php-general@xxxxxxxxxxxxx
Subject:  inserting ´ in a db

Hi list, good day.

 

I have a simple script that inserts text on a mysql table, that has a field
named description and the type is text.

Everything works fine, except when I try to insert a text that includes a
simple quote.

For example 

 

Yamil´s car

 

I send the character string to a variable and then insert it into a query. But
mysql says that something is wrong with the query because the quote
after the l looks like the end of the string, and "s car" doesn't look like
a valid part of the query.

 

Can anyone help me out, how to handle this error?

 

Thanks

Yamil

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
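
An added example, not part of the original thread: the same three-column insert done with PDO bound parameters, so the quote in "Yamil's car" never becomes part of the SQL text, followed by a table copy that re-binds the stored values instead of splicing them into a new query. The in-memory SQLite database, the table1_copy table and the sample strings are assumptions made so the script runs offline; with MySQL only the PDO DSN changes.

```php
<?php
// Added example (not from the thread). SQLite in-memory is an assumption
// so the script is self-contained; the statements are the same for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table1      (col1 INTEGER, col2 TEXT, col3 INTEGER)');
$pdo->exec('CREATE TABLE table1_copy (col1 INTEGER, col2 TEXT, col3 INTEGER)'); // hypothetical copy target

define('_CONSTANTINTVALUE', 7); // stands in for the constant used in the reply

// Constructed sample inputs: the quote from the question, a string shaped
// like a SQL statement, and a mix of backslashes and double quotes.
$samples = [
    [1, "Yamil's car"],
    [2, "x'); DROP TABLE table1; --"],
    [3, 'back\\slash and "double" quotes'],
];

// The SQL text is fixed; values travel separately as typed parameters.
$insert = $pdo->prepare(
    'INSERT INTO table1 (col1, col2, col3) VALUES (:id, :txt, :const)'
);
foreach ($samples as [$intval, $stringvalue]) {
    $insert->bindValue(':id', (int) $intval, PDO::PARAM_INT);
    $insert->bindValue(':txt', $stringvalue, PDO::PARAM_STR);
    $insert->bindValue(':const', _CONSTANTINTVALUE, PDO::PARAM_INT);
    $insert->execute();
}

// Copying the table: values read back from the database are still untrusted
// data, so they are bound again rather than concatenated into a query.
$rows = $pdo->query('SELECT col1, col2, col3 FROM table1 ORDER BY col1')
            ->fetchAll(PDO::FETCH_NUM);
$copy = $pdo->prepare('INSERT INTO table1_copy (col1, col2, col3) VALUES (?, ?, ?)');
foreach ($rows as $row) {
    $copy->execute($row);
}

// Each string must come back byte-for-byte identical, and table1 must still exist.
$stored = $pdo->query('SELECT col2 FROM table1_copy ORDER BY col1')
              ->fetchAll(PDO::FETCH_COLUMN);
foreach ($samples as $i => [, $expected]) {
    printf("%-34s %s\n", $expected,
        $stored[$i] === $expected ? 'round-trips unchanged' : 'MISMATCH');
}
printf("rows in table1: %d\n", $pdo->query('SELECT COUNT(*) FROM table1')->fetchColumn());
```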


