Saving a double quote string to mysql

Hai folks,

$query = "INSERT INTO monitor VALUES ('$title','$price')"; 

Where $title contains the word: 15" LCD Monitor
It currently saves as just : 15

please help me to save the full string as it is :slight_smile:

tx.

Do you use mysql_real_escape_string() ?

So where is the problem?

INSERT INTO monitor VALUES ('15" LCD Monitor', '200')

works fine.

Watch the coloration…


$query = "INSERT INTO monitor VALUES ('$title','$price')";

Right… let's put your string in there…


$query = "INSERT INTO monitor VALUES ('15" LCD Monitor','10')";

See the problem?

real_escape_string the thing as smftre said.

Thanks folks,

but I am confused, how do I use this function in my above query?

thanks folks,

i think this will do the job then…

	$title=mysql_real_escape_string($title);

	$query = "INSERT INTO monitors VALUES ('$title','$price')"; 

As I said :wink:

haha yes yes :smiley:

Thanks folks. Very valuable help :smiley:

No, I still cannot see the problem with the double quote; the following code works like a charm:

$product = '"Foo"Bar"';
mysql_query("INSERT INTO `monitor` SET `product` = '{$product}'");

because it is equivalent to:

mysql_query("INSERT INTO `monitor` SET `product` = '\"Foo\"Bar\"'");

not:

// mysql_query("INSERT INTO `monitor` SET `product` = '"Foo"Bar"'");

This one also:

mysql_query("INSERT INTO monitor VALUES ('15\" LCD Monitor', '10')");

The only thing which may go bad is a single quote,

$product = "'Foo'Bar'";

then you really need to escape it.

$product = "\\'Foo\\'Bar\\'";

works like a charm.

Of course then you can also use mysql_real_escape_string or simply:

$title = str_replace("'", "\\'", $title);

If you switch to using prepare and bind statements then the data will be kept entirely separate from the rest of the query and this problem of one being confused for the other will completely disappear.
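
The prepare-and-bind approach from the last reply, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database so it runs offline, and the column names `title` and `price` are assumed; the titles are constructed sample data.

```php
<?php
// Added example: prepared statement with bound parameters (PDO).
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline;
// with MySQL only the DSN passed to the PDO constructor changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulated prepares so the server
// receives the statement and the values separately:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Column names are assumed; the thread only shows the table name "monitor".
$pdo->exec('CREATE TABLE monitor (title TEXT NOT NULL, price NUMERIC NOT NULL)');

// Constructed sample data: double quotes, single quotes and a backslash.
$rows = [
    ['15" LCD Monitor', '200'],
    ["O'Brien's 17\" panel", '10'],
    ['19" wide \\ "HD"', '150'],
];

// The SQL text contains only placeholders; no user data is ever spliced in.
$insert = $pdo->prepare('INSERT INTO monitor (title, price) VALUES (:title, :price)');
foreach ($rows as [$title, $price]) {
    $insert->bindValue(':title', $title, PDO::PARAM_STR);
    $insert->bindValue(':price', $price, PDO::PARAM_STR);
    $insert->execute();
}

// Read each row back through a second prepared statement and compare
// it byte for byte with what was submitted.
$select = $pdo->prepare('SELECT title, price FROM monitor WHERE title = :title');
foreach ($rows as [$title, $price]) {
    $select->execute([':title' => $title]);
    $stored = $select->fetch(PDO::FETCH_ASSOC);
    $ok = $stored !== false && $stored['title'] === $title;
    printf("%-24s %s\n", $title, $ok ? 'stored unchanged' : 'MISMATCH');
}
```

No escaping function is called anywhere: the quotes in each title reach the database as data, so they cannot end the SQL string literal early.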