galvin Posted April 3, 2009 Share Posted April 3, 2009 I'm sure this is easy but can someone help me here. I have MySQL code to insert last names into a database. I'll strip it down for examples sake... $sql = "INSERT into names (last) values ('$player1last')"; My problem is that if the Last Name has an apostrophe (like O'Connell), then I get the following error... Database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Connell')' at line 1 So I realize I have to do something to escape (or maybe temporarily strip?) the apostrohe in last names that have them. I just can't figure out how to do it. I'm pretty sure my new code will be... $player1last = {{{ some code to do something to $player1last to handle any apostrophes that might be in it }}} $sql = "INSERT into names (last) values ('$player1last')"; But obviously I need help with the part in {{{...}}}. Can anyone help me here? Quote Link to comment Share on other sites More sharing options...
sh0wtym3 Posted April 3, 2009 Share Posted April 3, 2009 Yep, use $player1last = ereg_replace("'","",player1last); Quote Link to comment Share on other sites More sharing options...
redarrow Posted April 3, 2009 Share Posted April 3, 2009 why not str_replace() it faster in this situation. just asking. also ergi or ereg is old fashion and not turned on in php6 so get use to prg_replace() function. Quote Link to comment Share on other sites More sharing options...
taquitosensei Posted April 3, 2009 Share Posted April 3, 2009 or even better $sql="insert into name(last) values('".mysql_real_escape_string($player1last)."'); takes care of some security issues as well as escaping the string for insert Quote Link to comment Share on other sites More sharing options...
redarrow Posted April 3, 2009 Share Posted April 3, 2009 you forgot post big boy lol $sql="insert into name(last) values('".mysql_real_escape_string($_POST['player1last'])."'); Quote Link to comment Share on other sites More sharing options...
galvin Posted April 3, 2009 Author Share Posted April 3, 2009 Thanks everyone. I actually want to KEEP the apostrophe in the name, so that would just be... $player1last = str_replace("'","\'",player1last); That works (I just tried it ). But if you're now saying that the following is better to use... $sql="insert into name(last) values('".mysql_real_escape_string($_POST['player1last'])."'); ...how would I use that newest code AND KEEP the apostrophe? Quote Link to comment Share on other sites More sharing options...
DarkWater Posted April 3, 2009 Share Posted April 3, 2009 $player1last = mysql_real_escape_string($player1last); $sql = "INSERT into names (last) values ('$player1last')"; You definitely want to be using MSRE here. I know it was already suggested, but I just separated it from the SQL string so you could see it more clearly. Quote Link to comment Share on other sites More sharing options...
galvin Posted April 3, 2009 Author Share Posted April 3, 2009 Cool, thanks again everyone! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.