Problem in inserting record in mysql using php

Discussion in 'PHP' started by Freakbanner, Jan 18, 2011.

  1. #1
    Hello experts

    My code is working well when I don't have a quote in the text, but when I have a quote it's not allowing me to insert into the mysql table.

    What should I do?
     
    Freakbanner, Jan 18, 2011
  2. swashata

    #2
    Use the mysqli_real_escape_string function to escape the string. You should do so to avoid any security hole. For example:
    <?php
    // Connect, then escape each user-supplied value for this connection.
    $dbC = mysqli_connect('localhost', 'user', 'pass', 'database');
    $data1 = mysqli_real_escape_string($dbC, $_POST['data1']);
    $data2 = mysqli_real_escape_string($dbC, $_POST['data2']);
    // Escaped values must still sit inside single quotes in the SQL.
    mysqli_query($dbC, "INSERT INTO table_name(field1, field2) VALUES('{$data1}', '{$data2}')");
    ?>
    Hope it helps.
     
    swashata, Jan 18, 2011
  3. rusianace

    #3
    Or just mysql_real_escape_string if you don't have the mysqli module installed.
     
    rusianace, Jan 18, 2011
  4. olddocks

    #4
    Yes, you have to escape the special characters before inserting into mysql. mysql_real_escape_string() will definitely help!
     
    olddocks, Jan 18, 2011
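
The failure described in the first post, reproduced next to an insert that uses bound parameters instead of escaping. This is an added example, not code from any poster in the thread. It assumes the pdo_sqlite extension and an in-memory SQLite database so it runs without a server; the table, column and function names are hypothetical. The same prepare()/execute() calls work with a mysql: DSN, and mysqli offers the equivalent through mysqli_prepare() and mysqli_stmt_bind_param().

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (author TEXT, body TEXT)');

// Constructed sample input containing the quote that breaks the insert.
$author = "O'Brien";
$body   = "It's a test";

// Values pasted into the SQL text: the apostrophe closes the string
// literal early and the statement no longer parses.
function insertConcatenated(PDO $db, string $author, string $body): bool
{
    try {
        $db->exec("INSERT INTO comments (author, body) VALUES ('$author', '$body')");
        return true;
    } catch (PDOException $e) {
        echo "concatenated insert rejected: ", $e->getMessage(), "\n";
        return false;
    }
}

// Placeholders in the SQL, values bound as data: quotes need no escaping
// and cannot change the structure of the statement.
function insertPrepared(PDO $db, string $author, string $body): bool
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
    return $stmt->execute([$author, $body]);
}

$concatOk   = insertConcatenated($db, $author, $body);
$preparedOk = insertPrepared($db, $author, $body);

// Read the row back to confirm the text was stored verbatim.
$rows = $db->query('SELECT author, body FROM comments')->fetchAll(PDO::FETCH_NUM);
$storedVerbatim = ($rows === [[$author, $body]]);

echo "concatenated insert succeeded: ", var_export($concatOk, true), "\n";
echo "prepared insert succeeded: ", var_export($preparedOk, true), "\n";
echo "stored text matches input: ", var_export($storedVerbatim, true), "\n";
```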