Escaping single and double quotes mysql

Question

GlenRogers 0 Newbie Poster

11 Years Ago

Hi
I take data from a html form to inseert to mysql, sometimes that data has single and double quotes in it. How do you get the quotes to be part of the string so i can add to mysql.

Hers what I have, but this still gives me a sql error.

if (!empty($_REQUEST['atitle'])){
                     $title = $_REQUEST['atitle'];
                  }
                  else{
                     $title = NULL;
                   }
                   if (!empty($_REQUEST['acontent'])){
                      $content = $_REQUEST['acontent'];
                   }
                   else{
                      $content = NULL;
                      echo "<span class='text'><p>Enter content for the News Item</p></span>";
                    }
                if ($title && $content){    
      $query = "INSERT INTO projects VALUES (NULL, '"mysql_real_escape_string($atitle)"', '"mysql_real_escape_string($acontent)"', '$remote_file', '$remote_file1', '$remote_file2')";
      $result = mysql_query($query);
      if(!$result){
         $error = 'An error occured: '. mysql_error().'<br />';
         $error.= 'Query was: '.$query;
         echo $error;
         die($message);
      }

Thanks for looking..................

mysql php

2 Contributors
4 Replies
401 Views
6 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by diafol

diafol

11 Years Ago

You need to concatenate (.):

$query = "INSERT INTO projects VALUES (NULL, '" . mysql_real_escape_string($atitle) . "', '" . mysql_real_escape_string($acontent) . "', '$remote_file', '$remote_file1', '$remote_file2')";

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

GlenRogers 0 Newbie Poster · Answer 1 · 2013-06-14T13:09:49+00:00

On further inspection this seems to be esaping the double quotes but not the single quotes!

Anyone know why?

GlenRogers 0 Newbie Poster · Answer 2 · 2013-06-14T15:18:01+00:00

Now I get this error
An error occured: Column count doesn't match value count at row 1
Query was: INSERT INTO projects VALUES (NULL, ''', ''', '', '', '')

But only when there are single quotes, works ok for double quotes!

diafol · Answer 3 · 2013-06-14T19:44:13+00:00

$atitle = mysql_real_escape_string($atitle);
$acontent = mysql_real_escape_string($acontent);

$query = "INSERT INTO projects VALUES (NULL, '$atitle', '$acontent', '$remote_file', '$remote_file1', '$remote_file2')";