How to insert a string containing quotation marks into a database?

Question

How to insert a string containing quotation marks into a database?

When I try to execute a line containing a quotation mark, the INSERT request fails. How to insert strings with single or double quotes?

eg:

$message = "Bob said 'don't forget to call me'";

mysql_query("INSERT INTO someTable (messages) VALUES ('$message')");

I suppose the input should be filtered out, but what function should I use for this?

+3

php mysql

Sam Jun 26 '10 at 2:27

source share

3 answers

: mysql_real_escape_string

, , , , SQL .

+6

Billy ONeal 26 . '10 2:29

, , - , ? SQL-

+4

Steven Schlansker 26 . '10 3:47

Your Common Sense · Accepted Answer · 2010-06-26T02:30:17+0000

$message = mysql_real_escape_string($message);

this function should be applied to each variable that you intend to insert into the query in quotation marks. No exceptions.
This is not injection protection, but simply a syntax rule.

. : PHP htmlspecialchars() ?

How to insert a string containing quotation marks into a database?

More articles: