Passing a file to mysql database, ' causing errors

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
kwdamp
Forum Newbie
Posts: 6
Joined: Mon Feb 02, 2009 4:41 pm

Passing a file to mysql database, ' causing errors

Post by kwdamp »

I'm using the following snippet of code to pass an entire file (with a 30kb size limit) into a field in a mysql database. The only problem is, anytime the file includes the single quote sign ('), the insert is failing. Now I know I could parse the file and comment out the symbols, but that is kind of an ugly way to do it and leads to some problems in how I'm going to be reading the data out later. Is there a way to get around this on the php side?

Code: Select all

      
        $fileName = $_FILES['uploaded_file']['name']; 
        $tmpName  = $_FILES['uploaded_file']['tmp_name']; 
        $fileSize = $_FILES['uploaded_file']['size'];
         
        $fp = fopen($tmpName, 'r'); 
        $contents = fread($fp, $fileSize);  
        fclose($fp); 
        
        echo $fileSize;
        echo $contents;
  
        $insertsql = "INSERT INTO lists (list, contributor)
        VALUES ('$contents', 'admin')";
Theory?
Forum Contributor
Posts: 138
Joined: Wed Apr 11, 2007 10:43 am

Re: Passing a file to mysql database, ' causing errors

Post by Theory? »

Wouldn't you need to escape the file contents then?
mickeyunderscore
Forum Contributor
Posts: 129
Joined: Sat Jan 31, 2009 9:00 am
Location: UK

Re: Passing a file to mysql database, ' causing errors

Post by mickeyunderscore »

Theory is right, look into using mysql_real_escape_string() on the PHP manual. If you have magic quotes enabled, then you should run stripslashes() first
Post Reply