feakazoid Posted January 31, 2009 Share Posted January 31, 2009 Hi guys, I was wondering how i would go about inserting data with an apostrophe in it using sql. Currently i am inserting data like this "INSERT into table(field) values('$feild')"; Obviously when $feild contains an apostrophe this causes problems, what is the solution to this problem? Link to comment https://forums.phpfreaks.com/topic/143226-inserting-apostrophe-into-a-record-mysql/ Share on other sites More sharing options...
xtopolis Posted January 31, 2009 Share Posted January 31, 2009 $field = mysql_real_escape_string($field); mysql_real_escape_string Link to comment https://forums.phpfreaks.com/topic/143226-inserting-apostrophe-into-a-record-mysql/#findComment-751156 Share on other sites More sharing options...
uniflare Posted January 31, 2009 Share Posted January 31, 2009 This is a security vulnerability. For more information on this there are plenty of tutorials: search for "Mysql Injection php" on http://www.google.com/ There is also another common mysql vulnerability whereby fields like username fields etc can hold javascript, when the username gets displayed on a page so does the javascript, and they can do some pretty nasty things . For All Other Security issues google "PHP Security", phpfreaks has a tutorial on this also. Link to comment https://forums.phpfreaks.com/topic/143226-inserting-apostrophe-into-a-record-mysql/#findComment-751157 Share on other sites More sharing options...
feakazoid Posted January 31, 2009 Author Share Posted January 31, 2009 Thankyou thats got it working! Link to comment https://forums.phpfreaks.com/topic/143226-inserting-apostrophe-into-a-record-mysql/#findComment-751194 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.