1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Problem in inserting record in mysql using php

Discussion in 'PHP' started by Freakbanner, Jan 18, 2011.

  1. #1
    Hello experts

    My code is working well when I dont have quote in the text but when I have a quote its not allowing to insert in mysql table.

    What should i do?
     
    Freakbanner, Jan 18, 2011 IP
  2. swashata

    swashata Member

    Messages:
    86
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    43
    #2
    Use mysqli_real_escape_string function to escape the string. You should do so to avoid any security hole. For example
    <?php
    <?php
    $dbC = mysqli_connect('localhost', 'user', 'pass', 'database');
    $data1 = mysqli_real_escape_string($dbC, $_POST['data1']);
    $data2 = mysqli_real_escape_string($dbC, $_POST['data2']);
    mysqli_query($dbC, "INSERT INTO table_name(field1, field2) VALUES({$data1}, {$data2})");
    ?>
    PHP:
    Hope it helps.
     
    swashata, Jan 18, 2011 IP
  3. rusianace

    rusianace Peon

    Messages:
    6
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    or just mysql_real_escape_string if you dont have mysqli module installed
     
    rusianace, Jan 18, 2011 IP
  4. olddocks

    olddocks Notable Member

    Messages:
    3,275
    Likes Received:
    165
    Best Answers:
    0
    Trophy Points:
    215
    #4
    yes, you have to escape the special characters before inserting to mysql. mysql_real_escape_string() will defiitely help!
     
    olddocks, Jan 18, 2011 IP