  1. #1
    SitePoint Guru afridy's Avatar
    Join Date
    Mar 2007
    Posts
    960
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    saving a double quote string to mysql

    Hi folks,

    Code:
    $query = "INSERT INTO monitor VALUES ('$title','$price')";
    Where $title contains the word: 15" LCD Monitor
    It currently saves as just: 15

    please help me to save the full string as it is

    tx.

  2. #2
    SitePoint Evangelist smftre's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    434
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Do you use mysql_real_escape_string()?

  3. #3
    SitePoint Enthusiast Adam Chrapkowski's Avatar
    Join Date
    Sep 2011
    Location
    Poland
    Posts
    42
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So where is the problem?
    Code:
    INSERT INTO monitor VALUES ('15" LCD Monitor', '200')
    works fine.

  4. #4
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,747
    Mentioned
    64 Post(s)
    Tagged
    0 Thread(s)
    Watch the coloration...
    PHP Code:
    $query = "INSERT INTO monitor VALUES ('$title','$price')";
    Right... let's put your string in there...
    PHP Code:
    $query = "INSERT INTO monitor VALUES ('15" LCD Monitor','10')";
    See the problem?

    real_escape_string the thing as smftre said.

  5. #5
    SitePoint Guru afridy's Avatar
    Quote: Originally posted by StarLion
    Watch the coloration...
    PHP Code:
    $query = "INSERT INTO monitor VALUES ('$title','$price')";
    Right... let's put your string in there...
    PHP Code:
    $query = "INSERT INTO monitor VALUES ('15" LCD Monitor','10')";
    See the problem?

    real_escape_string the thing as smftre said.

    Thanks folks,

    but I am confused: how do I use this function in my above query?

  6. #6
    SitePoint Guru afridy's Avatar
    thanks folks,

    i think this will do the job then..

    Code:
    	$title=mysql_real_escape_string($title);
    
    	$query = "INSERT INTO monitors VALUES ('$title','$price')";

  7. #7
    SitePoint Evangelist smftre's Avatar
    As I said

  8. #8
    SitePoint Guru afridy's Avatar
    Quote: Originally posted by smftre
    As I said

    haha yes yes

    Thanks folks. Very valuable help

  9. #9
    SitePoint Enthusiast Adam Chrapkowski's Avatar
    No, I still cannot see the problem with the double quote; the following code works like a charm:
    PHP Code:
    $product = '"Foo"Bar"';
    mysql_query("INSERT INTO `monitor` SET `product` = '{$product}'");
    because it is equivalent to:
    PHP Code:
    mysql_query("INSERT INTO `monitor` SET `product` = '\"Foo\"Bar\"'");
    not:
    PHP Code:
    // mysql_query("INSERT INTO `monitor` SET `product` = '"Foo"Bar"'");
    This one also:
    PHP Code:
    mysql_query("INSERT INTO monitor VALUES ('15\" LCD Monitor', '10')");
    The only thing which may go bad is a single quote,
    PHP Code:
    $product = "'Foo'Bar'";
    then you really need to escape it.
    PHP Code:
    $product = "\\'Foo\\'Bar\\'";
    works like a charm.

    Of course then you can also use mysql_real_escape_string or simply:
    PHP Code:
    $title = str_replace("'", "\\'", $title);

  10. #10
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,603
    Mentioned
    24 Post(s)
    Tagged
    1 Thread(s)
    If you switch to using prepare and bind statements then the data will be kept entirely separate from the rest of the query and this problem of one being confused for the other will completely disappear.
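
The prepare-and-bind approach described in the last post, as an added example that is not part of the original thread. It uses PDO with an in-memory SQLite database so it runs without a server (an assumption standing in for MySQL), and the column names `title` and `price` are hypothetical.

```php
<?php
// Added example: prepared statement with bound parameters via PDO.
// Assumptions: in-memory SQLite stands in for MySQL; the columns
// "title" and "price" are hypothetical names for the monitor table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE monitor (title TEXT, price TEXT)');

// Constructed sample rows: a double quote, single quotes, a backslash,
// and a value that contains SQL syntax of its own.
$rows = [
    ['15" LCD Monitor', '200'],
    ["'Foo'Bar'", '10'],
    ['C:\\temp', '5'],
    ["a','b'); --", '1'],
];

// The SQL text is fixed; the driver fills in the placeholders,
// so no value is ever parsed as part of the statement.
$insert = $pdo->prepare(
    'INSERT INTO monitor (title, price) VALUES (:title, :price)'
);
foreach ($rows as [$title, $price]) {
    $insert->bindValue(':title', $title, PDO::PARAM_STR);
    $insert->bindValue(':price', $price, PDO::PARAM_STR);
    $insert->execute();
}

// Read everything back and confirm each row was stored unchanged.
$stored = $pdo->query('SELECT title, price FROM monitor ORDER BY rowid')
              ->fetchAll(PDO::FETCH_NUM);
foreach ($rows as $i => $expected) {
    $status = ($stored[$i] === $expected) ? 'intact ' : 'CHANGED';
    echo $status, '  ', $stored[$i][0], PHP_EOL;
}
```

With MySQL only the DSN changes (a `mysql:` DSN with an explicit `charset`); setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server, not the client library, do the binding.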

