Allowing mysql to recognize an apostrophe when using the select command

Question

I have been using xml to parse. Although I can insert my data fine into a mysql database, I cannot receive whenever there is a apostrophe. I am using

stringByAddingPercentEscapesUsingEncoding : NSUTF8StringEncoding

for the insert, which succeeds in placing it in as '. When I try to select however, mysql gets confused and shoots me with no response. Is there a way to replace an apostrophe with something recognizable before sending it up to the database and then parsing it back into the correct format when receiving?

Are you using PHP on the server? – woz Apr 13 '13 at 00:52 — woz, Apr 13 '13 at 00:52
I am using php. Sorry I left that out – Apr 13 '13 at 00:54 — , Apr 13 '13 at 00:54

score 3 · Answer 1 · edited May 23 '17 at 12:28

You need to use this answer. You need to parametrize your MySQL queries so you won't be vulnerable to SQL injection.

Example using PDO:

$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');

$stmt->execute(array(':name' => $name));

foreach ($stmt as $row) {
    // do something with $row
}

Example using mysqli:

$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);

$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // do something with $row
}

Allowing mysql to recognize an apostrophe when using the select command

1 Answers1