webguync Posted June 24, 2008

I am developing a form where people log in and fill out some checkboxes. The name and checkbox info is inserted into a MySQL DB. If someone has an apostrophe in their name, like O'Neil, this throws an error when they submit. I believe the apostrophe is causing the error. How can I apostrophe-proof the name field?

kenrbnsn Posted June 24, 2008

You need to use the function mysql_real_escape_string() on all string values being inserted into the database.

Ken

webguync (Author) Posted June 24, 2008

Thanks, I added the function here, but there is a syntax error somewhere. Also, can I just use the whole $insert instead of doing each field individually?

$insert = "INSERT INTO $check_table (`Assessor`,`AssessorID`,`EmpName`,`EmpID`, `Blocks`,`date_uploaded`) VALUES ('$Assessor','$Assessor_ID','$name','$emp_id', '$blocks', '$now')";
mysql_query($insert) or die(mysql_error()), mysql_real_escape_string($Assessor), mysql_real_escape_string($Assessor_ID));

kenrbnsn Posted June 24, 2008

You need to use it on the variables being inserted:

<?php
// Escape each value as it is placed inside its quoted SQL string literal.
$insert = "INSERT INTO $check_table (`Assessor`,`AssessorID`,`EmpName`,`EmpID`, `Blocks`,`date_uploaded`) VALUES ('"
    . mysql_real_escape_string($Assessor) . "','"
    . mysql_real_escape_string($Assessor_ID) . "','"
    . mysql_real_escape_string($name) . "','"
    . mysql_real_escape_string($emp_id) . "', '"
    . mysql_real_escape_string($blocks) . "', '"
    . mysql_real_escape_string($now) . "')";
$rs = mysql_query($insert) or die("Problem with the query: $insert<br>" . mysql_error());
?>

Ken

waynew Posted June 24, 2008

Ken's right. Anything that goes into your DB should first be cleaned up with that function, mysql_real_escape_string(). Otherwise errors will be the last thing you'll have to worry about.

webguync (Author) Posted June 24, 2008

OK, I gotcha. I tested with some data including commas and everything seems to work now. Thanks!

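The same insert written with bound parameters, as an added example that is not code from any poster in this thread. The mysql_* functions used above were removed in PHP 7.0, so this uses PDO; it assumes an in-memory SQLite database in place of MySQL so it runs without a server, and the `ALLOWED_TABLES` allowlist, the table name `checklist_2008` and all sample values are constructed for illustration.

```php
<?php
// Added example, not from the thread. SQLite in memory stands in for MySQL;
// the allowlist, table name and sample rows are constructed.

const ALLOWED_TABLES = ['checklist_2008']; // hypothetical allowlist

function insertAssessment(PDO $db, string $table, array $row): void
{
    // Identifiers such as table names cannot be bound as parameters, so the
    // thread's $check_table is checked against a fixed list, not escaped.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("Unknown table: $table");
    }
    $sql = "INSERT INTO `$table`
              (`Assessor`, `AssessorID`, `EmpName`, `EmpID`, `Blocks`, `date_uploaded`)
            VALUES (:assessor, :assessor_id, :name, :emp_id, :blocks, :now)";
    // Values are sent separately from the SQL text, so a quote is just data.
    $db->prepare($sql)->execute($row);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE checklist_2008 (Assessor TEXT, AssessorID TEXT,
           EmpName TEXT, EmpID TEXT, Blocks TEXT, date_uploaded TEXT)');

// Constructed rows: an apostrophe, and a value that tries to close the literal.
$samples = [
    ["Pat O'Neil", 'A17', "Sean O'Brien", 'E042'],
    ['Lee', 'A18', "x', 'y'); --", 'E043'],
];
foreach ($samples as [$assessor, $assessorId, $name, $empId]) {
    insertAssessment($db, 'checklist_2008', [
        ':assessor' => $assessor, ':assessor_id' => $assessorId,
        ':name' => $name, ':emp_id' => $empId,
        ':blocks' => '1,3,5', ':now' => '2008-06-24 12:00:00',
    ]);
}

// Both rows come back byte-for-byte as submitted.
foreach ($db->query('SELECT Assessor, EmpName FROM checklist_2008') as $r) {
    echo $r['Assessor'], ' | ', $r['EmpName'], PHP_EOL;
}

// A table name outside the allowlist is refused before any SQL is built.
try {
    insertAssessment($db, 'checklist_2008; --', []);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the `prepare()` and `execute()` calls stay the same.
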
Archived
This topic is now archived and is closed to further replies.