Apostrophe issue when inserting into MySQL



I have a script where I submit some fields that get entered into a MySQL database. When I submit it, it goes through successfully, but nothing ever gets inserted into the database if one of the fields has an apostrophe. What can I modify to get this to work?







    if ($_POST) {
        $name = trim($_POST['your_name']);
        $email = trim($_POST['your_email']);
        $answers = $_POST['answers'];

        // Count how many answers were actually filled in.
        $i = 0;
        foreach ($answers as $a) {
            if (trim($a))
                $i++;
        }

        if ($name && $email && $i >= 40) {
            // Map each field label to the submitted answer for that field ID.
            $array = array();
            $q = mysql_query("select * from fields");
            while ($f = mysql_fetch_array($q))
                $array[$f['label']] = $answers[$f['ID']];

            $array = serialize($array);
            $time = time();
            $ip = $_SERVER['REMOTE_ADDR'];
            $token = md5($time);

            // The submitted values are interpolated straight into the SQL text.
            // An apostrophe in $name or $email terminates the string literal,
            // the statement becomes invalid and the insert fails; because the
            // return value of mysql_query() is never checked, the failure is
            // silent and the form still appears to submit successfully.
            $result = mysql_query("insert into data (submit_name, submit_email, submit_data, submit_confirm, submit_time, submit_ip, submit_token)
                values ('$name', '$email', '$array', '0', '$time', '$ip', '$token')");
        }
    }




Comments

  1. You need to escape characters with special meaning in MySQL in your data.

    The quick and dirty way to improve your code would be to pass all your strings through mysql_real_escape_string before inserting them into your string of SQL.

    The better approach would be to switch away from mysql_query to something that allows the use of bound parameters (preferably with prepared statements).

  2. Use mysql_real_escape_string(), as this will both fix your apostrophe issue and at least partly help avoid SQL injection attacks. If you don't want to get your hands dirty with PHP's built-in PDO library, you might consider a Database Abstraction Layer (DBAL). ADODB is an example.

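The bound-parameter approach that both comments recommend, as an added example that is not code from the original question or its answers: the question's insert rewritten with PDO prepared statements, so an apostrophe in a field is sent to MySQL as data rather than as part of the SQL text. It assumes the question's `data` table and columns; the DSN credentials are placeholders and the function names `connect` and `insertSubmission` are hypothetical.

```php
<?php
// Added example (not from the original post). Assumes the `data` table from the
// question; DSN, user and password are placeholders to replace.
declare(strict_types=1);

function connect(): PDO
{
    return new PDO(
        'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
        'DB_USER_PLACEHOLDER',
        'DB_PASSWORD_PLACEHOLDER',
        [
            // Throw on errors instead of returning false: the original script
            // never checked mysql_query()'s return value, which is why a failed
            // insert still looked like a successful submission.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use real server-side prepared statements, not client-side
            // emulation, so user values never touch the SQL string at all.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

/** Insert one submission; every user-controlled value is a bound parameter. */
function insertSubmission(PDO $pdo, string $name, string $email, array $answers): int
{
    $sql = 'INSERT INTO data (submit_name, submit_email, submit_data, submit_confirm,
                              submit_time, submit_ip, submit_token)
            VALUES (:name, :email, :data, 0, :time, :ip, :token)';
    $time = time();
    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        ':name'  => $name,
        ':email' => $email,
        ':data'  => serialize($answers),          // same serialized blob as the question
        ':time'  => $time,
        ':ip'    => $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0',
        ':token' => md5((string) $time),
    ]);
    return (int) $pdo->lastInsertId();
}

// A name containing an apostrophe now inserts cleanly instead of breaking the query.
$id = insertSubmission(connect(), "Conan O'Brien", 'conan@example.com', ['1' => 'yes']);
```

The `mysql_*` functions used in the question, including `mysql_real_escape_string`, were removed in PHP 7, so the escaping stop-gap from the comments only applies to legacy PHP 5 installations.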
