INSERT not liking apostrophies

[86Stang]

Hi All,

 

A quick question --- I've got this INSERT:

 

while ($row = mysql_fetch_array($results))
{
$insertion = "INSERT INTO table (entry_id, title) VALUES ('$row[entry_id]','$row[title]')";
mysql_query($injection) or die (mysql_error());
}

 

The entry_id inserts just fine but the query dies as soon as it hits the first title that has an apostrophe in it.  Any thoughts?

[revraz]

Sounds like it's not numeric.

 

$row['title']

 

Which means you have to redo the quotes.

 

Also, you should escape the data being inserted.

[roopurt18]

You need to call mysql_real_escape_string() on any data you plan to insert into the database.

 

You should also enclose any variables inside of double-quoted strings in curly brackets and always use single quotes indexes into associative arrays:

$var = "inside a string, this value is {$row['index']}";

[DarkPrince2005]

Try this it should work

 

$insertion = "INSERT INTO table (entry_id, title) VALUES (\"$row[entry_id]\",\"$row[title]\")";

[rajivgonsalves]

seeing the above your forming your query with variable name $insertion and then using variable $injection to run the query??? this will not work! your code should be

 

while ($row = mysql_fetch_array($results))
{
$insertion = "INSERT INTO table (entry_id, title) VALUES ('$row[entry_id]','$row[title]')";
mysql_query($insertion) or die (mysql_error());
}

[marcus]

Also if he has error reporting to the max he should get undefined constants.

 

VALUES('".$row['entry_id']."','".$row['title']."')";

[kenrbnsn]

As roopurt18 said, use the function mysql_real_escape_string() on all strings you're inserting into the database when they are coming from an external source:

<?php
$insertion = "INSERT INTO table (entry_id, title) VALUES ('" . mysql_real_escape_string($row[entry_id]) . "','" . mysql_real_escape_string($row['title']) . "')";
?>

 

Ken