Hello
I'm trying to insert some data to mysql database but when the name of the products contains a special character like ' the query fails to execute.
I tried to use mysql_real_escape_string but with no luck. Can anyone help me to escapes special characters from a specific field (product_name) ?
Bellow is the code i'm using to insert the data.
Any help would be very much appreciated
$q = "INSERT INTO `#__publishers_links` (order_id, server_id, publisher_id, secret_key, product_id, product_name, product_price, download_url, date_created, payment) VALUES ";
foreach ($cart->products as $product) {
if ($product->dl_unlocked == '1' || $product->dl_unlocked == 1) {
if ($queryflag == 0) {
$q .= "('$ass_orderID','','$product->virtuemart_manufacturer_id','','$product->virtuemart_product_id','$product->product_name','$product->product_price','$product->dl_ebook_url','".gmdate("Y-m-d H:i:s")."','0')";
$queryflag ++;
} else {
$q .= ",('$ass_orderID','','$product->virtuemart_manufacturer_id','','$product->virtuemart_product_id','$product->product_name','$product->product_price','$product->dl_ebook_url','".gmdate("Y-m-d H:i:s")."','0')";
$queryflag ++;
}
} else {
$product->dl_ebook_url = $serverID->ebook_url;
if ($product->dl_server_id != 0 && $product->dl_server_id != '0') {
$link_url = $product->dl_link_url.'?';
$book_url = 'action=enterorder&ordersource='.urlencode($product->dl_order_source);
if ($product->dl_publisher_order_format == '' || $product->dl_publisher_order_format == 'NULL') {
$book_url .= '&orderid='.urlencode($ass_orderID).'-'.($product->virtuemart_product_id);
} else {
$replace = str_replace('[XXX]', $ass_orderID, $product->dl_publisher_order_format);
$book_url .= '&orderid='.urlencode($replace).'-'.($product->virtuemart_product_id);
}
$dateval=time();
$gbauthdate=date('m/d/Y');
$Secret = $product->dl_shared_secret;
if ($product->dl_pdf_id != '') {
$book_url .= '&resid='.urlencode('urn:uuid:'.$product->dl_pdf_id);
} else if ($product->dl_epub_id != '') {
$book_url .= '&resid='.urlencode('urn:uuid:'.$product->dl_epub_id);
} else { //throwing an alert - ti allo?
$document =& JFactory::getDocument();
$document->addScriptDeclaration ("
alert('xxxxxxxxxxxxxxxxxxxx');
");
}
$book_url .= '&gbauthdate='.urlencode($gbauthdate);
$book_url .= '&dateval='.urlencode($dateval);
$book_url .= '&gblver=4';
$book_url = str_replace('%2D','-',$book_url);
$download_link = $link_url.$book_url."&auth=".hash_hmac("sha1", $book_url, base64_decode($Secret));
if ($queryflag == 0) {
$q .= "('$ass_orderID','$product->dl_server_id','$product->virtuemart_manufacturer_id','$product->dl_shared_secret','$product->virtuemart_product_id','$product->product_name','$product->product_price','$download_link','".gmdate("Y-m-d H:i:s")."','0')";
$queryflag ++;
} else {
$q .= ",('$ass_orderID','$product->dl_server_id','$product->virtuemart_manufacturer_id','$product->dl_shared_secret','$product->virtuemart_product_id','$product->product_name','$product->product_price','$download_link','".gmdate("Y-m-d H:i:s")."','0')";
}
}
}