Page 1 of 1

Embedded quotes

Posted: Wed Oct 08, 2008 5:09 am
by cdjohn
I am using PHp to insert data into a mysql table. as follows

$query = "INSERT INTO database (category, catname, active) VALUES('$category', '$catname', '$active' ) ";

The problem is if the variable catname contains quotes (for example - LAST YEAR'S STOCK -) I get mysql errors.

Any suggestions?

Re: Embedded quotes

Posted: Wed Oct 08, 2008 5:21 am
by papa

Re: Embedded quotes

Posted: Wed Oct 08, 2008 5:26 am
by VladSun

Re: Embedded quotes

Posted: Wed Oct 08, 2008 6:09 am
by papa
My bad.

However I had problems with ' before I added these lines:

Code: Select all

 
if(get_magic_quotes_gpc()) {
    $name = stripslashes($name);
}
And the using mysq_real_escape_string to your insert.