MySQL insert fails with apostrophe

Question

Since my webhost have updated the php on the server from 5.2 to 5.3 I am unable to update any fields in the database if the text contains an apostrophe. I have tried using mysql_real_escape_string() with no success.

I have tried....

    $id = uniqid();
    $case_account = $_POST['case_account'];
    $contact = ucwords($_POST['contact']);
    $subject = mysqli_real_escape_string(ucfirst($_POST['name']));
    $desc = mysqli_real_escape_string(ucfirst($_POST['description']));
    $resolution = mysqli_real_escape_string(ucfirst($_POST['resolution']));
    $account_name = $_POST['case_account_name'];
    $entered_by = $_POST['entered_by'];

    $sql="INSERT INTO cases (id, account_id, name, description, resolution, account_name1, created_by, date_entered) VALUES ('$id', '$case_account','$subject', '$desc', '$resolution', '$account_name', '$entered_by', NOW())";
    $result = mysqli_query($sql)or die(mysqli_error());

I have also tried using it in the actual query (I only tried round $subject to test).

$sql="INSERT INTO cases (id, account_id, name, description, resolution, account_name1, created_by, date_entered) VALUES ('$id', '$case_account',".mysqli_real_escape_string."('$subject'), '$desc', '$resolution', '$account_name', '$entered_by', NOW())";
        $result = mysql_query($sql)or die(mysql_error());

I've also tried changing the field in the database to text from varChar to text and back again but with no success. I know this should be simple but for some reason I can't make it work.

You can **NOT** mix mysqli() and mysql() functions. The two libraries are NOT interchangeable. A connection made in one is NOT useable in the other. — Marc B, Apr 26 '13 at 16:43

score 2 · Accepted Answer · answered Apr 26 '13 at 16:39

2

mysqli_real_escape_string: mysqli_real_escape_string ( mysqli $link , string $escapestr )
Other mysqli functions require the same treatment.

A rule of thumb: if some function doesn't work as expected - check the manual page first.

Also, you need to make API function usage consistent. Choose one API and use its functions only, either mysqli_* or mysql_* but not both at once.

answered Apr 26 '13 at 16:39

Your Common Sense

156,878
40
214
345

HI, I have tried that $address1 = $_POST['address']; $address = mysqli_real_escape_string($mysqli, $address1); but I get still an error with an apostrophe – tatty27 Apr 26 '13 at 17:25
It's ok, I have it. I'd just like to say though, I did check the manual but I sometime struggle to interpret the contents – tatty27 Apr 26 '13 at 17:55

score -1 · Answer 2 · answered Apr 26 '13 at 16:38

-1

Have you tried using addslashes()?

answered Apr 26 '13 at 16:38

BurpmanJunior

988
5
13

Did'nt work, sorry, but thanks for the suggestion – tatty27 Apr 26 '13 at 17:56

MySQL insert fails with apostrophe

2 Answers2