Using ' in a MySQL command

NLCJ · May 3, 2010

Hello,

I've run into another (simple) problem.

Lets say I've got this:

$variable1 = "12";
$variable2 = "Testin' this system"; 

mysql_query("INSERT INTO tablename ('id', 'name') VALUES ('".$variable1."', '".$variable2."')");

That will look like this:

mysql_query("INSERT INTO tablename ('id', 'name') VALUES ('12', 'Testin' this system'");

So, how do I get this right into the database?

Regards,

trq · May 3, 2010

mysql_real_escape_string should be used on ALL user inputted data in EVERY query.

NLCJ · May 3, 2010

mysql_real_escape_string should be used on ALL user inputted data in EVERY query.

I know, but I don't want that there comes a \'... I trust this source 100% so that will be fine...

Mchl · May 3, 2010

mysql_real_escape_string should be used on ALL user inputted data in EVERY query.

I know, but I don't want that there comes a \'... I trust this source 100% so that will be fine...

Well then, there's only magick left for you...

A \ will not be saved to database, so I don't know why you might not like it.

NLCJ · May 3, 2010

Thank you! Dumb me...

Sign In

Using ' in a MySQL command

Recommended Posts

NLCJ

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

NLCJ

Link to comment

Share on other sites

Mchl

Link to comment

Share on other sites

NLCJ

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information