quotes breaking code

Posted: Sun Apr 12, 2009 8:34 pm
by drschwartz
I'm running a fairly simple script to take the contents of form entry fields and store them in MySQL -- as simple as could be, right? When I run my script, however, when there's a single quote in a field, I get the following error. Note that the single quote was positioned just before "test" in the field.

"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\''test', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y' )' at line 2"

Any suggested solutions? I'm not quite sure what's happening so any help would be greatly appreciated.

TIA,
David

Re: quotes breaking code

Posted: Sun Apr 12, 2009 8:50 pm
by requinix
Run your strings through mysql_real_escape_string before you stick them into a query.


Strings in SQL are just like strings in PHP.

Code:

"valid"
'also valid'
'isn't valid'
 
PHP thought the string ended right after the 'n'. So then the stuff afterwards is supposed to be code. But it isn't.
Same kind of thing happens in SQL.
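
The failure and two fixes discussed in this thread, as an added example that is not code from either poster: string concatenation, escaping, and a bound parameter. It assumes PDO with the pdo_sqlite driver, uses an in-memory SQLite database as a stand-in for MySQL so it runs offline, and uses PDO::quote() in the escaping role because the mysql_* functions were removed in PHP 7; the table, column and function names are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the poster's MySQL database.
// Table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE entries (note TEXT, flag TEXT)');

// Constructed form input: a single quote just before "test".
$input = "'test";

// 1. Concatenation: the quote inside the data closes the SQL string literal
//    early, so the rest of the value is parsed as SQL and the statement fails.
function insertConcatenated(PDO $pdo, string $value): string
{
    $sql = "INSERT INTO entries (note, flag) VALUES ('" . $value . "', 'Y')";
    try {
        $pdo->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// 2. Escaping: PDO::quote() wraps the value in quotes and escapes the quote
//    characters inside it using the rules of the connected database driver.
function insertQuoted(PDO $pdo, string $value): string
{
    $pdo->exec('INSERT INTO entries (note, flag) VALUES (' . $pdo->quote($value) . ", 'Y')");
    return 'inserted';
}

// 3. Bound parameters: the value travels separately from the SQL text,
//    so its contents are never parsed as part of the statement.
function insertBound(PDO $pdo, string $value): string
{
    $stmt = $pdo->prepare('INSERT INTO entries (note, flag) VALUES (:note, :flag)');
    $stmt->execute([':note' => $value, ':flag' => 'Y']);
    return 'inserted';
}

echo 'concatenated: ', insertConcatenated($pdo, $input), PHP_EOL;
echo 'quoted:       ', insertQuoted($pdo, $input), PHP_EOL;
echo 'bound:        ', insertBound($pdo, $input), PHP_EOL;

// Check that every stored row holds the original text, quote included.
foreach ($pdo->query('SELECT note FROM entries') as $row) {
    echo 'stored unchanged: ', var_export($row['note'] === $input, true), PHP_EOL;
}
```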