RLJ Posted February 28, 2011 Share Posted February 28, 2011 Hi all, I use a MySQL insert query of the following form: <?php $insert1= mysql_query ("INSERT INTO tablename (H1, H2, H3) VALUES '$V1','$V2','$V3')"); ?> However, I encounter problems when $V1, $V2 or $V3 contain certain symbols, such as quotes ("'). What is the best way to avoid this? Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/229150-mysql-insert-problems-with-quotes/ Share on other sites More sharing options...
Muddy_Funster Posted February 28, 2011 Share Posted February 28, 2011 mysql_real_escape_string was invented for just such a problem Quote Link to comment https://forums.phpfreaks.com/topic/229150-mysql-insert-problems-with-quotes/#findComment-1180859 Share on other sites More sharing options...
AbraCadaver Posted February 28, 2011 Share Posted February 28, 2011 mysql_real_escape_string was invented for just such a problem Yes, and should always be used to prevent SQL Injection attacks. Quote Link to comment https://forums.phpfreaks.com/topic/229150-mysql-insert-problems-with-quotes/#findComment-1180881 Share on other sites More sharing options...
RLJ Posted March 2, 2011 Author Share Posted March 2, 2011 OK cheers. Quote Link to comment https://forums.phpfreaks.com/topic/229150-mysql-insert-problems-with-quotes/#findComment-1181861 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.