quotes breaking code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
drschwartz
Forum Newbie
Posts: 12
Joined: Fri Feb 27, 2009 8:49 am

quotes breaking code

Post by drschwartz »

I'm running a fairly simple script to take the contents of form entry fields and store in MySQL -- as simple as could be, right? When I run my script, however, when there's a single quote in a field, I get the following error. Note the the single quote was positioned just before "test" in the field.

"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\''test', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y' )' at line 2"

Any suggested solutions? I'm not quite sure what's happening so any help would be greatly appreciated.

TIA,
David
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: quotes breaking code

Post by requinix »

Run your strings through mysql_real_escape_string before you stick them into a query.


Strings in SQL are just like strings in PHP.

Code: Select all

"valid"
'also valid'
'isn't valid'
 
PHP thought the string ended right after the 'n'. So then the stuff afterwards is supposed to be code. But it isn't.
Same kind of thing happens in SQL.
Post Reply