apostrophe!

Anon

I'm having some problems inserting a block of text from a form into a MySQL table. It doesn't have any problems unless I use an apostrophe in any of the text. Here is the script the form is using:

<?
$sql = "INSERT INTO my_table (time_date, content) VALUES ('$time_date', '$content')";
$connection = mysql_connect("localhost", "my_username", "my_password") or die ("Couldn't connect to server.");
$db = mysql_select_db("my_database", $connection) or die ("Couldn't select database.");
$sql_result = mysql_query($sql,$connection) or die ("Couldn't execute query.");
?>

I have PHP 4 and MySQL 3.22.27 installed on my server.

Please help me!

lawnmowerman

I'm assuming $content is the variable in question.

Just use addslashes() to escape any apostrophies.

$content = addslashes( $content );

Hope this helps!

-Rich

psaurabh

or use escape sequence

Anon

Most databases use a single quote as a way to mark what text is to be inserted into the table column. Because of this, if you use a single quote (or apostrophe) within the text, the database is going to assume that you are ending your text block. Then the database comes across ill-formatted syntax (the text after the second single quote) and chokes. Here is an example:

SELECT * FROM table WHERE column='Brett's Text';

The database sees "SELECT * FROM table WHERE column='Brett'" as the query followed not by a semicolon (😉 but by "s Text';", and has no idea what to do.

In short, use PHP's addslashes() function as recommended by Rich Alloway or simply escape the single quote yourself like saurabh suggested.

Anon

Thanks everyone, I really appreciate the help!

Anon

wow, i had this problem too, and

$content = addslashes( $content );

worked perfectly.

thanks...