Escaping single quote in PHP when inserting into MySQL
You should be escaping each of these strings (in both snippets) with mysql_real_escape_string()
.
http://us3.php.net/mysql-real-escape-string
The reason your two queries are behaving differently is likely because you have magic_quotes_gpc
turned on (which you should know is a bad idea). This means that strings gathered from $_GET, $_POST and $_COOKIES are escaped for you (i.e., "O'Brien" -> "O\'Brien"
).
Once you store the data, and subsequently retrieve it again, the string you get back from the database will not be automatically escaped for you. You'll get back "O'Brien"
. So, you will need to pass it through mysql_real_escape_string()
.
Insert a value containing single quotes in MySQL
You need to use \
(Escape) character to insert single quotes and double quotes.
INSERT INTO table_name(`clomn1`) VALUES ('Ali said, "This is Ashok\'s Pen."')
How to escape single quotes in MySQL
Put quite simply:
SELECT 'This is Ashok''s Pen.';
So inside the string, replace each single quote with two of them.
Or:
SELECT 'This is Ashok\'s Pen.'
Escape it =)
Escaping a single quote in a variable before Insert
I did it this way.
I just started with your output and added a single quote for last part.
$values = mysql_real_escape_string("(111, 'toll_free_number', '888-'123-1234')");
$query = "INSERT INTO yourtable (fieldname) values ('".$values."')";
mysql_query($query) or die(mysql_error());
see more from manual http://php.net/manual/en/function.mysql-real-escape-string.php
How to INSERT string with single quote ' symbol
You might be temped to replace each single quote with two of them.
like so
$myvar = "idiot\'s";
But resist the urge and escape it instead:
<?php $var = "Hello !! idiot's";
mysql_real_escape_string($var);?>
Or even better, use PDO
Add data into php mysql with single quotes
you need to use mysql_real_escape_string
on the value, which you should be doing anyway. That should properly escape your value for insertion.
$name = mysql_real_escape_string($e['NAME']);
$brand = mysql_real_escape_string($e['BRAND']);
$category = mysql_real_escape_string($e['CATEGORY']);
$query = "INSERT INTO table2 (brand, name, category) VALUES ('$brand', '$name', '$category')";
Cant insert string with single quote into MySQL database
Well, the problem might be that you are using an UPDATE(basically should work) syntax in an INSERT query.
And additionally, the output of mysql_real_escape_string() function is still a string, so it should still be surrounded by 2 single quotes.
why won't you try something like this:
$sec_ques = mysql_real_escape_string($sec_ques);
$insert = "INSERT INTO accounts(field1, filed2, field3)
VALUES('{$status}', '{$acc_type}', '{$sec_ques}')";
If that doesn't work either, perhaps you should migrate into using PDO, much more secure and comfortable.
Storing values with single quote in MySQL
You can use a function like mysql_real_escape_string
to escape the string before storing it into the database.
Related Topics
Need to Write At Beginning of File With PHP
PHP Json_Encode Class Private Members
Posting Raw Image Data as Multipart/Form-Data in Curl
PHP: Access Array Value on the Fly
Insert Multiple Rows With One Query MySQL
Simple PHP Strpos Function Not Working, Why
PHP Error: Cannot Modify Header Information - Headers Already Sent
How to Get the Query Executed in Laravel 5? Db::Getquerylog() Returning Empty Array
Difference Between If () { } and If (): Endif;
PHPmailer Godaddy Server Smtp Connection Refused
Remove Text Between Parentheses PHP
Check If JavaScript Is Enabled With PHP
Add 'X' Number of Hours to Date