galvin Posted April 3, 2009 Share Posted April 3, 2009 I'm sure this is easy but can someone help me here. I have MySQL code to insert last names into a database. I'll strip it down for examples sake... $sql = "INSERT into names (last) values ('$player1last')"; My problem is that if the Last Name has an apostrophe (like O'Connell), then I get the following error... Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Connell')' at line 1 So I realize I have to do something to escape (or maybe temporarily strip?) the apostrohe in last names that have them. I just can't figure out how to do it. I'm pretty sure my new code will be... $player1last = {{{ some code to do something to $player1last to handle any apostrophes that might be in it }}} $sql = "INSERT into names (last) values ('$player1last')"; But obviously I need help with the part in {{{...}}}. Can anyone help me here? Link to comment https://forums.phpfreaks.com/topic/152328-solved-apostrophe-trouble/ Share on other sites More sharing options...
sh0wtym3 Posted April 3, 2009 Share Posted April 3, 2009 Yep, use $player1last = ereg_replace("'","",player1last); Link to comment https://forums.phpfreaks.com/topic/152328-solved-apostrophe-trouble/#findComment-800001 Share on other sites More sharing options...
redarrow Posted April 3, 2009 Share Posted April 3, 2009 why not str_replace() it faster in this situation. just asking. also ergi or ereg is old fashion and not turned on in php6 so get use to prg_replace() function. Link to comment https://forums.phpfreaks.com/topic/152328-solved-apostrophe-trouble/#findComment-800005 Share on other sites More sharing options...
taquitosensei Posted April 3, 2009 Share Posted April 3, 2009 or even better $sql="insert into name(last) values('".mysql_real_escape_string($player1last)."'); takes care of some security issues as well as escaping the string for insert Link to comment https://forums.phpfreaks.com/topic/152328-solved-apostrophe-trouble/#findComment-800007 Share on other sites More sharing options...
redarrow Posted April 3, 2009 Share Posted April 3, 2009 you forgot post big boy lol $sql="insert into name(last) values('".mysql_real_escape_string($_POST['player1last'])."'); Link to comment https://forums.phpfreaks.com/topic/152328-solved-apostrophe-trouble/#findComment-800009 Share on other sites More sharing options...
galvin Posted April 3, 2009 Author Share Posted April 3, 2009 Thanks everyone. I actually want to KEEP the apostrophe in the name, so that would just be... $player1last = str_replace("'","\'",player1last); That works (I just tried it ). But if you're now saying that the following is better to use... $sql="insert into name(last) values('".mysql_real_escape_string($_POST['player1last'])."'); ...how would I use that newest code AND KEEP the apostrophe? Link to comment https://forums.phpfreaks.com/topic/152328-solved-apostrophe-trouble/#findComment-800010 Share on other sites More sharing options...
DarkWater Posted April 3, 2009 Share Posted April 3, 2009 $player1last = mysql_real_escape_string($player1last); $sql = "INSERT into names (last) values ('$player1last')"; You definitely want to be using MSRE here. I know it was already suggested, but I just separated it from the SQL string so you could see it more clearly. Link to comment https://forums.phpfreaks.com/topic/152328-solved-apostrophe-trouble/#findComment-800016 Share on other sites More sharing options...
galvin Posted April 3, 2009 Author Share Posted April 3, 2009 Cool, thanks again everyone! Link to comment https://forums.phpfreaks.com/topic/152328-solved-apostrophe-trouble/#findComment-800020 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.