PHP/PDO in built method to escape sequences

[Jagand]

I have a code that uses simpleXML library to generate an XML from input. I then want to insert the data into MySQL using PDO->exec(); But Insert of query doesn't happen. Can you please let me know how do I escape the query so that insert is successful.

 

PDO::query(), PDO::prepare() haven't helped me much so looking for PHP solution to this problem. Below is the INSERT code generated

 

 

INSERTINTO dbname.table(input_xml)VALUES ('<?xml 
version="1.0" encoding="UTF-8" standalone="yes" 
?><ip_Input><ip_xml>17:01:27Qaiku.com – What Can We 
Learn From Failure?By Guest Blogger, September 11, 2012, Leave a 
CommentEditor's note: I think we in the tech press have the tendency to 
focus on the positive stories and forget about the startups that didn't live up 
their expectations. Our Sofanatics coverage this past week has been one of the 
few times we've covered abandoned projects, which is a pitty because there are a 
lot to learn from "failures." Below we have a long read from Eero Holmila which 
is one part eulogy, and another part what he's learned from the now-announced 
shutdown of Qaiku.com.Qaiku.com might be a familiar name for some of the 
readers of Arctic Startup. However, I am quite sure that the background and the 
rough road from high hopes to a bitter decline probably is not. I am the CEO of 
Rohea, a company behind a handful of quite successful Finnish websites like 
Kotikokki.net, Kuvake.net, Mikseri.net and of course a less successful 
Qaiku.com.I am going to share some lessons learned through the trip. I hope 
some of it might be of use, spark up ideas or if nothing else, be at least a bit 
entertaining. One last important disclaimer: all the opinions are my own.Now 
without further delay, this is the story of 
Qaiku.</ip_xml></ip_Input>');
 

 

[kicken]

You use prepared statements and use a placeholder for the value.

$stmt = $db->prepare('INSERT INTO dbname.table (input_xml) VALUES (?)');

$stmt->exec(array($xmlData));