syntax question

[182x]

hey guys I am using the following syntax to insert records into my database however if one of the records contains an apostrophe the sql statement will not work I was just wondering why and how to fix it? Thanks.

 

 $test="INSERT INTO test VALUES ('','{$testing['cId']}','{$testing['user']}')"; 

[Iceman512]

Hi there,

 

I sure ain't no genius, but here goes... MySQL reads apostrophes as part of the query input, so it will try to process them in the query submitted to the database. This often ends with a replacement character such as a question mark, depending on the server settings.

 

Fortunately, you do have many options on what you want to do with them when submitting data to the database. There are several built-in functions within PHP which will either convert apostrophs and other characters into db-friendly characters, add more apostrophe's before or after them to make "doubles" or simply strip them out altogether.

 

Take a look at the following:

 

http://uk.php.net/get_html_translation_table

http://uk.php.net/add_slashes

 

You will have to process the data for submission before it goes into your query, like so:

 

<?php

$str = $testing['cId'];
echo stripslashes($str);

$test="INSERT INTO test VALUES ('$str','$somethingelse')"; 
?>

 

There are many more functions that can be suited for this task, and I'm sure someone else can suggest more.

 

Hope that helps!

Regards,

Iceman

[obsidian]

You've got to escape the apostrophes before insertion:

<?php
foreach ($testing as $k => $v) {
  $testing[$k] = mysql_real_escape_string($v);
}
$test="INSERT INTO test VALUES ('','{$testing['cId']}','{$testing['user']}')"; 
?>