nepzap2 Posted January 4, 2010

When I try to submit text that uses single quote ' and double quote " or a combination of both, I receive this error:

You have an error in your SQL syntax near ''"'' WHERE id = 171' at line 35.

Does anyone know what this means and if there is any way to avoid this? Thanks

Philip Posted January 4, 2010

You need to escape those characters before placing them into a query. Take a look at mysql_real_escape_string

Maq Posted January 4, 2010

You should be invoking mysql_real_escape_string on the input. That will escape the quotes.

EDIT: KP beat me to it.

nepzap2 Posted January 4, 2010 (Author)

Thank you guys. That pretty much solved my issue. I took Maq's suggestion like so:

mysql_real_escape_string($_POST['laboratoryExperience']),
mysql_real_escape_string($_POST['researchExperience']),
mysql_real_escape_string($_POST['personalStatement']),
mysql_real_escape_string($_POST['resume'])

So can this function pretty much escape any characters?

Mchl Posted January 4, 2010

Any characters that might break a MySQL query.

Maq Posted January 4, 2010

> Thank you guys. That pretty much solved my issue. I took Maq's suggestion like so:
>
> mysql_real_escape_string($_POST['laboratoryExperience']),
> mysql_real_escape_string($_POST['researchExperience']),
> mysql_real_escape_string($_POST['personalStatement']),
> mysql_real_escape_string($_POST['resume'])
>
> So can this function pretty much escape any characters?

It's all in the manual.

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a. This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.

ignace Posted January 4, 2010

Also mentioned in the manual:

Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used.

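Added example, not posted by anyone in this thread: the quote-laden input from the question, first concatenated into an UPDATE unescaped and then sent with bound parameters, a swapped-in alternative to the escaping discussed above (the `mysql_*` functions were removed in PHP 7.0). Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the script runs without a server, the table name `applicants` is hypothetical, and the `$post` values are constructed.

```php
<?php
// Added example: table name and sample values are constructed, not from the thread.
// In-memory SQLite stands in for MySQL so this runs without a database server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE applicants (id INTEGER PRIMARY KEY, personalStatement TEXT, resume TEXT)');
$pdo->exec("INSERT INTO applicants (id, personalStatement, resume) VALUES (171, '', '')");

// Constructed stand-in for $_POST, mixing single and double quotes as in the question.
$post = [
    'id'                => '171',
    'personalStatement' => "It's a \"mixed\" quote test: '\"'",
    'resume'            => "O'Brien, \"Lab\" assistant",
];

// 1) Unescaped concatenation: the first ' in the value ends the string literal
//    early, so the database sees broken SQL and raises a syntax error.
$naive = "UPDATE applicants SET personalStatement = '" . $post['personalStatement']
       . "' WHERE id = " . $post['id'];
try {
    $pdo->exec($naive);
    echo "naive query ran\n";
} catch (PDOException $e) {
    echo "naive query failed: ", $e->getMessage(), "\n";
}

// 2) Bound parameters: values travel separately from the SQL text, so no
//    character in them can change the statement. The id sits outside quotes in
//    the SQL, where string escaping would not help, so it is validated as an integer.
$id = filter_var($post['id'], FILTER_VALIDATE_INT);
if ($id === false) {
    exit("invalid id\n");
}
$stmt = $pdo->prepare(
    'UPDATE applicants SET personalStatement = :ps, resume = :resume WHERE id = :id'
);
$stmt->bindValue(':ps', $post['personalStatement'], PDO::PARAM_STR);
$stmt->bindValue(':resume', $post['resume'], PDO::PARAM_STR);
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();

// Read the row back and confirm the quotes were stored byte for byte.
$check = $pdo->prepare('SELECT personalStatement, resume FROM applicants WHERE id = :id');
$check->execute([':id' => $id]);
$row = $check->fetch(PDO::FETCH_ASSOC);
var_dump($row['personalStatement'] === $post['personalStatement']);
var_dump($row['resume'] === $post['resume']);
```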