Page 1 of 1

Passing a file to mysql database, ' causing errors

Posted: Mon Feb 02, 2009 4:45 pm
by kwdamp
I'm using the following snippet of code to pass an entire file (with a 30kb size limit) into a field in a mysql database. The only problem is, anytime the file includes the single quote sign ('), the insert is failing. Now I know I could parse the file and comment out the symbols, but that is kind of an ugly way to do it and leads to some problems in how I'm going to be reading the data out later. Is there a way to get around this on the php side?

Code: Select all

      
        $fileName = $_FILES['uploaded_file']['name']; 
        $tmpName  = $_FILES['uploaded_file']['tmp_name']; 
        $fileSize = $_FILES['uploaded_file']['size'];
         
        $fp = fopen($tmpName, 'r'); 
        $contents = fread($fp, $fileSize);  
        fclose($fp); 
        
        echo $fileSize;
        echo $contents;
  
        $insertsql = "INSERT INTO lists (list, contributor)
        VALUES ('$contents', 'admin')";

Re: Passing a file to mysql database, ' causing errors

Posted: Mon Feb 02, 2009 5:00 pm
by Theory?
Wouldn't you need to escape the file contents then?

Re: Passing a file to mysql database, ' causing errors

Posted: Mon Feb 02, 2009 5:02 pm
by mickeyunderscore
Theory is right, look into using mysql_real_escape_string() on the PHP manual. If you have magic quotes enabled, then you should run stripslashes() first