mysql escape string

Question

desiguru 0 Junior Poster in Training

15 Years Ago

How do i escape a string that includes a lot of ' and "

Here is my sql inser query's some part

VALUES
('','$_POST[FileID]','$_POST[FileAddress]','$_POST[Name]','$_POST[Requirements]','$_POST[DateAdded]','$_POST[Size]','$_POST[Changes]')";

mysql php

3 Contributors
2 Replies
88 Views
9 Hours Discussion Span
Latest Post 15 Years Ago Latest Post by buddylee17

compdoc 3 Posting Whiz

15 Years Ago

ok its better if you assign a variable to each $_POST and use the variable in the insert query like so.

//example
$FileID = $_POST['FileID'];
$FileAddress = $_POST['FileAddress'];
$Name = $_POST['Name'];
$Requirements = $_POST['Requirements'];
$DateAdded =  $_POST['DateAdded'];
$Size = $_POST['Size'];
$Changes = $_POST['Changes'];


VALUES
('$FileID', '$FileAddress', '$Name', '$Requirements', '$DateAdded', '$Size',' $Changes')";

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

buddylee17 216 Practically a Master Poster · Answer 1 · 2008-12-22T10:55:43+00:00

You could also cleanse the complete post array:

<?php
@extract($_POST);
foreach($_POST as $key => $value){
mysql_real_escape_string($value);
}
//now do specific cleansing and insert query