SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2004
    Location
    Israel
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    inserting a variable with a ' into a mysql database

    $sql = "INSERT INTO Jokes SET
    JokeText='$joketext',
    JokeDate=CURDATE()";

    this is an example i pasted from the sitepoint php/mysql manual.

    if $joketext contains an ' , for example $joketext="ab'cd"

    then when the insert query is applied mysql will recognise the ' after the b as the closing ' of that line and an error will be returned.

    i need a way to get around that somehow..
    thnx.


    interesting thing is that when a variable $_gets a string that is read from a database this error does not occur. ill give an example for this last sentence:

    i have a form where in one of the fields there is a dropdown menu. the values of that menu are read from a database. even when a value in that menu has a ' in it, the form can be submitted, and a variable getting this value through $_GET can be inserted into a database in the technique i pasted from the manual. the extra ' doesnt seem to bother mysql for some reason.
    Seffi B. admin @ www.myhair.co.il
    Hair loss

  2. #2
    Non-Member St.'s Avatar
    Join Date
    Nov 2004
    Location
    Cloud #9
    Posts
    119
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    addslashes() ?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •