
PHP Server Side Scripting Forum

    
Replacing single quotes for sql query
single quotes
kkonline

5+ Year Member



 
Msg#: 3954975 posted 5:28 pm on Jul 18, 2009 (gmt 0)

Hi,
I have to store the following text in SQL

INSERT INTO `rss_data` (`newsurlid`,`newstitle`) VALUES ('95','Special Ghana site for President Obama's visit')

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's visit')' at line 1

I am getting an error because of the single quotes; how do I solve this and replace the single quotes?

 

NomikOS

5+ Year Member



 
Msg#: 3954975 posted 2:30 am on Jul 19, 2009 (gmt 0)

Maybe?
$newstitle = addslashes($newstitle); 
OR
$newstitle = str_replace("'", ''', $newstitle);

pinterface

5+ Year Member



 
Msg#: 3954975 posted 3:45 am on Jul 19, 2009 (gmt 0)

First, read about SQL Injection [us.php.net], because you're vulnerable to it--which means anyone who so desired could nuke your entire database, or worse. Never trust user data.

NomikOS's proposed solutions are incorrect. The first, if it works at all, only works by accident. The second makes an assumption which may not always be true. Neither will fully protect you.

Instead, look at mysqli [us.php.net]. Specifically, prepared statements [us.php.net] are the way to go. They help ensure proper SQL syntax and make avoiding SQL injection far easier.

mysql_real_escape_string [us.php.net] will also work, but it's far too easy to forget or mess up, which is why I suggest using prepared statements.
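
The prepared-statement approach recommended above, applied to the `rss_data` insert from the question. This is an added example, not code posted by anyone in the thread; the connection host, user, password and database name are placeholders, `newsurlid` is assumed to be an integer column, and the helper names `insert_news` and `count_news` are hypothetical.

```php
<?php
// Added example, not code from this thread. Host, user, password and database
// name are placeholders; `newsurlid` is assumed to be an integer column.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

function insert_news(mysqli $db, int $newsurlid, string $newstitle): int
{
    // Only the ? markers appear in the SQL text; the values travel separately,
    // so a quote inside the title can never terminate the string literal.
    $stmt = $db->prepare(
        'INSERT INTO `rss_data` (`newsurlid`, `newstitle`) VALUES (?, ?)'
    );
    $stmt->bind_param('is', $newsurlid, $newstitle); // i = integer, s = string
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

function count_news(mysqli $db, int $newsurlid, string $newstitle): int
{
    // Read back with the same technique to confirm the title was stored verbatim.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM `rss_data` WHERE `newsurlid` = ? AND `newstitle` = ?'
    );
    $stmt->bind_param('is', $newsurlid, $newstitle);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return (int) $count;
}

$db = new mysqli('localhost', 'example_user', 'example_password', 'example_db');
$db->set_charset('utf8mb4');

// Constructed sample titles containing characters that break hand-built SQL.
$titles = [
    "Special Ghana site for President Obama's visit",
    'Editor\'s note: "quoted" headline',
    'Path C:\\feeds\\today and a trailing quote\'',
];

foreach ($titles as $title) {
    insert_news($db, 95, $title);
    printf("%d row(s) match: %s\n", count_news($db, 95, $title), $title);
}
$db->close();
```

No call to `addslashes`, `str_replace` or `mysql_real_escape_string` is needed on this path, because the title is never spliced into the SQL string.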
