Christos


  1. Thanks for the help. The mysql_real_escape_string is not working, I think I'm doing something wrong, but the mysql_escape_string is working. Is it safe to keep it or is it better to use the str_replace? I have a problem only with the "product_name" field.

     ```php
     $q .= "('$ass_orderID','','$product->virtuemart_manufacturer_id','','$product->virtuemart_product_id','".mysql_escape_string($product->product_name)."','$product->product_price','$product->dl_ebook_url','".gmdate("Y-m-d H:i:s")."','0')";
     $queryflag ++;
     ```
  2. Hello, I'm trying to insert some data into a MySQL database, but when the name of a product contains a special character like ' the query fails to execute. I tried to use mysql_real_escape_string but with no luck. Can anyone help me escape special characters from a specific field (product_name)? Below is the code I'm using to insert the data. Any help would be very much appreciated.

     ```php
     $q = "INSERT INTO `#__publishers_links` (order_id, server_id, publisher_id, secret_key, product_id, product_name, product_price, download_url, date_created, payment) VALUES ";
     foreach ($cart->products as $product) {
         if ($product->dl_unlocked == '1' || $product->dl_unlocked == 1) {
             if ($queryflag == 0) {
                 $q .= "('$ass_orderID','','$product->virtuemart_manufacturer_id','','$product->virtuemart_product_id','$product->product_name','$product->product_price','$product->dl_ebook_url','".gmdate("Y-m-d H:i:s")."','0')";
                 $queryflag ++;
             } else {
                 $q .= ",('$ass_orderID','','$product->virtuemart_manufacturer_id','','$product->virtuemart_product_id','$product->product_name','$product->product_price','$product->dl_ebook_url','".gmdate("Y-m-d H:i:s")."','0')";
                 $queryflag ++;
             }
         } else {
             $product->dl_ebook_url = $serverID->ebook_url;
             if ($product->dl_server_id != 0 && $product->dl_server_id != '0') {
                 $link_url = $product->dl_link_url.'?';
                 $book_url = 'action=enterorder&ordersource='.urlencode($product->dl_order_source);
                 if ($product->dl_publisher_order_format == '' || $product->dl_publisher_order_format == 'NULL') {
                     $book_url .= '&orderid='.urlencode($ass_orderID).'-'.($product->virtuemart_product_id);
                 } else {
                     $replace = str_replace('[XXX]', $ass_orderID, $product->dl_publisher_order_format);
                     $book_url .= '&orderid='.urlencode($replace).'-'.($product->virtuemart_product_id);
                 }
                 $dateval = time();
                 $gbauthdate = date('m/d/Y');
                 $Secret = $product->dl_shared_secret;
                 if ($product->dl_pdf_id != '') {
                     $book_url .= '&resid='.urlencode('urn:uuid:'.$product->dl_pdf_id);
                 } else if ($product->dl_epub_id != '') {
                     $book_url .= '&resid='.urlencode('urn:uuid:'.$product->dl_epub_id);
                 } else {
                     // throwing an alert - what else?
                     $document =& JFactory::getDocument();
                     $document->addScriptDeclaration (" alert('xxxxxxxxxxxxxxxxxxxx'); ");
                 }
                 $book_url .= '&gbauthdate='.urlencode($gbauthdate);
                 $book_url .= '&dateval='.urlencode($dateval);
                 $book_url .= '&gblver=4';
                 $book_url = str_replace('%2D','-',$book_url);
                 $download_link = $link_url.$book_url."&auth=".hash_hmac("sha1", $book_url, base64_decode($Secret));
                 if ($queryflag == 0) {
                     $q .= "('$ass_orderID','$product->dl_server_id','$product->virtuemart_manufacturer_id','$product->dl_shared_secret','$product->virtuemart_product_id','$product->product_name','$product->product_price','$download_link','".gmdate("Y-m-d H:i:s")."','0')";
                     $queryflag ++;
                 } else {
                     $q .= ",('$ass_orderID','$product->dl_server_id','$product->virtuemart_manufacturer_id','$product->dl_shared_secret','$product->virtuemart_product_id','$product->product_name','$product->product_price','$download_link','".gmdate("Y-m-d H:i:s")."','0')";
                 }
             }
         }
     }
     ```
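An added example, not part of the original posts: the same multi-row INSERT built with bound parameters, so a product name containing `'` is sent as data and never becomes part of the SQL text. It assumes PDO with an in-memory SQLite database standing in for the site's MySQL connection; the function name `insertLinks`, the reduced column set and the cart contents are constructed for the demonstration.

```php
<?php
// Added example: multi-row INSERT with bound parameters instead of string escaping.
// Assumptions: PDO + in-memory SQLite stand in for the real MySQL connection;
// insertLinks(), the reduced column list and the sample cart are constructed.

function insertLinks(PDO $db, string $orderId, array $products): int
{
    if (!$products) {
        return 0;
    }
    // One "(?,?,?,?,?)" group per product; only placeholders reach the SQL text.
    $groups = implode(',', array_fill(0, count($products), '(?,?,?,?,?)'));
    $sql = "INSERT INTO publishers_links
            (order_id, product_id, product_name, product_price, date_created)
            VALUES $groups";

    $params = [];
    $now = gmdate('Y-m-d H:i:s');
    foreach ($products as $p) {
        array_push($params, $orderId, (int) $p->virtuemart_product_id,
            $p->product_name, $p->product_price, $now);
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE publishers_links (order_id TEXT, product_id INTEGER,
           product_name TEXT, product_price TEXT, date_created TEXT)');

// Constructed cart: names with a quote, backslashes, and SQL-shaped text.
$products = [
    (object) ['virtuemart_product_id' => 11, 'product_name' => "Alice's Adventures", 'product_price' => '9.90'],
    (object) ['virtuemart_product_id' => 12, 'product_name' => 'C:\\books\\"draft"', 'product_price' => '4.50'],
    (object) ['virtuemart_product_id' => 13, 'product_name' => "x','0'); DROP TABLE publishers_links; --", 'product_price' => '1.00'],
];

$inserted = insertLinks($db, 'ORD-1001', $products);
echo "rows inserted: $inserted\n";

// Read the names back and compare them byte-for-byte with what was submitted.
$stored = $db->query('SELECT product_name FROM publishers_links ORDER BY product_id')
             ->fetchAll(PDO::FETCH_COLUMN);
foreach ($products as $i => $p) {
    echo ($stored[$i] === $p->product_name ? 'ok   ' : 'DIFF ') . $stored[$i] . "\n";
}
```

Inside Joomla, where the query string is handed to the framework's database object, the corresponding step is to pass every interpolated value through that object's `quote()` method (`JFactory::getDbo()->quote($value)`), which escapes using the live connection.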