mysql_real_escape_string() problem

kosaks · January 27, 2012, 5:33pm

Hello all,

I have problems with my string because i would want that my sql string can save my information containing with or without commas, quotes and double quotes…

I have here my string. this string was the result of my php code…

$query = "INSERT INTO table_name
(name, age, height, weight, address)
VALUES (‘thomas’,‘17’,‘5 feet’,‘60 kilograms’,‘address 1, sample’s street.’);

The problem lies on this information “address 1, sample’s street.” because mysql would give me an error message…

My friend tells me to use mysql_real_escape_string() to solve the problem. but im not so sure if this is correct and also im not familiar of this function.

Can someone help me on this one?

Any help will be appreciated… thanks in advance

Return_True · January 27, 2012, 5:54pm

Hi,

I’m thinking this is what you’re looking for: http://php.net/manual/en/function.mysql-real-escape-string.php

Read up on that.

kosaks · January 27, 2012, 6:07pm

Thanks,

I’ve been reading this, unfortunately im having a hard time on implementing it on my query… Im a total noob at mysql and using mysql functions. Could you give me a sample code to start with?

thanks again

Return_True · January 27, 2012, 6:13pm

Hi again,

I prefer to use MySQLi for my queries, so I am going to show an example with that.

$db->query(“INSERT INTO posts (
title,
body
) VALUES (
'” . $db->real_escape_string($_POST[“title”]) . “',
'” . $db->real_escape_string($_POST[“body”]) . “’
)”)";

However, if you can’t follow the MySQLi version, then I’ll post a normal MySQL query instead.

$query = “INSERT INTO posts (title,body) VALUES ('” . mysql_real_escape_string($_POST[“title”]) . “‘,’” . mysql_real_escape_string($_POST[“body”]) . "');

That should do it.

kosaks · January 27, 2012, 6:57pm

Wow! thank you so much Return True!

Last question… what is the difference between MySQLi and MySQL?

thanks

Return_True · January 27, 2012, 8:37pm

You’re welcome.

MySQLi stands for My Structured Query Language improved.
It is a newer version of MySQL, and it is object oriented.

So you can define a variable to connect to the database as such:

$db = new mysqli(“localhost”, “root”, “user”, “pass”, “db”);

Then you can execute a query like this:

$query1 = $db->query(“SELECT * FROM posts ORDER BY id DESC”);

while ($query2 = $query1->fetch_object()) {

echo $query2->title . "<br />
";

}

It’s Object Oriented Programming (OOP); I find it a lot easier to type, and it tends to be a bit faster.

Eric

kosaks · January 28, 2012, 3:16am

thanks again

Topic		Replies	Views
mysqli_real_escape_string PHP	23	5126	November 10, 2014
Problem with mysqli_real_escape_string PHP	4	1268	March 12, 2016
mysql_real_escape_string causing complications PHP	12	772	July 15, 2010
Mysqli_real_escape_string() PHP/MYSQL Function HELP PHP	9	4122	November 26, 2019
mysql_real_escape_string PHP	4	447	December 2, 2010

mysql_real_escape_string() problem

Related topics