RLJ Posted February 28, 2011 Share Posted February 28, 2011 Hi all, I use a MySQL insert query of the following form: <?php $insert1= mysql_query ("INSERT INTO tablename (H1, H2, H3) VALUES '$V1','$V2','$V3')"); ?> However, I encounter problems when $V1, $V2 or $V3 contain certain symbols, such as quotes ("'). What is the best way to avoid this? Thanks! Link to comment https://forums.phpfreaks.com/topic/229150-mysql-insert-problems-with-quotes/ Share on other sites More sharing options...
Muddy_Funster Posted February 28, 2011 Share Posted February 28, 2011 mysql_real_escape_string was invented for just such a problem Link to comment https://forums.phpfreaks.com/topic/229150-mysql-insert-problems-with-quotes/#findComment-1180859 Share on other sites More sharing options...
AbraCadaver Posted February 28, 2011 Share Posted February 28, 2011 mysql_real_escape_string was invented for just such a problem Yes, and should always be used to prevent SQL Injection attacks. Link to comment https://forums.phpfreaks.com/topic/229150-mysql-insert-problems-with-quotes/#findComment-1180881 Share on other sites More sharing options...
RLJ Posted March 2, 2011 Author Share Posted March 2, 2011 OK cheers. Link to comment https://forums.phpfreaks.com/topic/229150-mysql-insert-problems-with-quotes/#findComment-1181861 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.