Hello,
I am getting an error message when I am adding this sign: ' to a record in a MySQL table using PHP.
What's wrong and what's the best way to fix that?
Please help. Thanks.
| SitePoint Sponsor |
Error when adding ' to MySQL using PHP
Hello,
I am getting an error message when I am adding this sign: ' to a record in a MySQL table using PHP.
What's wrong and what's the best way to fix that?
Please help. Thanks.
Why It Doesn't Work?!
you need to esacpe it using mysql_real_escape_string which you should be doing with all data going into your database.
John Conde | Facebook | Twitter
Brainyminds Merchant Account Services I Love Code eBook Giant
Authorize.Net: AIM API | ARB API | CIM API Get the FREE code!
Merchant Accounts 101 | Ecommerce 101
I second this. Not only does it prevent errors like this, it is a security risk if you don't. For example, if I put in a record that saidOriginally Posted by stymiee
, I could really cause some damage. I believe the newest version of PHP or MYSQL prevents this scenario by only allowing one command per query, but the user could still potentially take advantage of the insecure code.PHP Code:" ' DROP DATABASE `users`;"
This sign ' is called an Apostrophe.
It's actually the other way round. It was always coded in a way that mysql_query() would only allow one, but now there's a function to use more than one.
In this case, its a single quote ' , not an apostrophe.This sign ' is called an [size=6]Apostrophe[size=2].
Apostrophie would be this one `
I call that one ` a backtick
this ' was an apostrophe until I started using php.
Parlez-vous français?
Why It Doesn't Work?!
Posting Permissions
Bookmarks