Page 1 of 1

How to insert things into a MySQL database with an ' in?

Posted: Wed Jan 24, 2007 3:21 am
by oskare100
Hello,
When I run this code:

Code: Select all

$sql55="INSERT INTO users (username, password, ebay_username, ebay_status, ebay_email, paypal_status, paypal_email, num_purchases, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_status, created) VALUES('".$row->account_username."', '".$row->account_password."', '".$row->auction_buyer_id."', '$ebay_status', '".$row->account_email."', '".$row->payer_status."', '".$row->account_email."', 1, '".$row->first_name."', '".$row->last_name."', '".$row->address_street."', '".$row->address_city."', '".$row->address_state."', '".$row->address_zip."', '".$row->address_country."', '".$row->address_status."', '$new_script_received')"; 
$result55 = mysql_query($sql55) or die( mysql_error() );
I get the error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'S ROAD',"

Now it seams like the problem is this field "51 ST SIMONS'S ROAD" and I think the problem is the ', correct me if I'm wrong. How can I solve this problem? (It is a lot of rows I'm running this querey on so I can't just insert it manually).

Thanks in advance,
Best Regards
Oskar R

Posted: Wed Jan 24, 2007 3:38 am
by kaszu

Code: Select all

$row->account_username = mysql_real_escape_string($row->account_username);
$row->account_password = mysql_real_escape_string($row->account_password );
....for all rows

Posted: Wed Jan 24, 2007 3:46 am
by dude81
you need to use

Code: Select all

mysql_real_escape_string();
where you can possibly expect an input strings with apostrophe