How to insert things into a MySQL database with an ' in?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
oskare100
Forum Commoner
Posts: 80
Joined: Sun Oct 29, 2006 5:47 am

How to insert things into a MySQL database with an ' in?

Post by oskare100 »

Hello,
When I run this code:

Code: Select all

$sql55="INSERT INTO users (username, password, ebay_username, ebay_status, ebay_email, paypal_status, paypal_email, num_purchases, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_status, created) VALUES('".$row->account_username."', '".$row->account_password."', '".$row->auction_buyer_id."', '$ebay_status', '".$row->account_email."', '".$row->payer_status."', '".$row->account_email."', 1, '".$row->first_name."', '".$row->last_name."', '".$row->address_street."', '".$row->address_city."', '".$row->address_state."', '".$row->address_zip."', '".$row->address_country."', '".$row->address_status."', '$new_script_received')"; 
$result55 = mysql_query($sql55) or die( mysql_error() );
I get the error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S ROAD',"

Now it seams like the problem is this field "51 ST SIMONS'S ROAD" and I think the problem is the ', correct me if I'm wrong. How can I solve this problem? (It is a lot of rows I'm running this querey on so I can't just insert it manually).

Thanks in advance,
Best Regards
Oskar R
User avatar
kaszu
Forum Regular
Posts: 749
Joined: Wed Jul 19, 2006 7:29 am

Post by kaszu »

Code: Select all

$row->account_username = mysql_real_escape_string($row->account_username);
$row->account_password = mysql_real_escape_string($row->account_password );
....for all rows
User avatar
dude81
Forum Regular
Posts: 509
Joined: Mon Aug 29, 2005 6:26 am
Location: Pearls City

Post by dude81 »

you need to use

Code: Select all

mysql_real_escape_string();
where you can possibly expect an input strings with apostrophe
Post Reply