0

I have to insert some strings to my database.

The problem is that every time I use " ` " or " ' " it causes errors in the SQL.

For example, when someone types "that's great", it just messes everything up.

How can I solve this?

Thanks!

zero323
mn6vdv23g
  • possible duplicate of [Insert a value containg single quotes in MySQL](http://stackoverflow.com/questions/887036/insert-a-value-containg-single-quotes-in-mysql) – zero323 Sep 20 '13 at 23:44

3 Answers

2

Use the real escape string function. Actually, MySQL prevents ' or ` from entering the system in order to prevent SQL Injection attacks.

Function syntax: `mysql_real_escape_string($your_string)`

Lavneet
1

Use the mysqli escape string function: http://au1.php.net/manual/en/mysqli.real-escape-string.php (you shouldn't be using the mysql functions as they are deprecated) http://au1.php.net/manual/en/function.mysql-real-escape-string.php

1

Use a prepared/parameterized query.

Manual: http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

McAden
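The prepared-statement approach from the answer above, shown next to the string-built query that breaks on "that's great". This is an added example, not code from the original posts; it assumes PDO with the pdo_sqlite extension and an in-memory SQLite database so it runs without a server, and the `comments` table and the function names are hypothetical. With mysqli the same pattern is `prepare()`, `bind_param()` and `execute()`.

```php
<?php
// Added example: in-memory SQLite via PDO, so nothing external is needed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Hypothetical table for user-supplied text.
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample inputs with the characters from the question.
$inputs = ["that's great", 'a `backtick` here', 'she said "hi"'];

// Before: the value is spliced into the SQL text. A single quote inside
// the value ends the string literal early and the statement fails to parse.
function insertConcatenated(PDO $pdo, string $body): bool
{
    try {
        $pdo->exec("INSERT INTO comments (body) VALUES ('$body')");
        return true;
    } catch (PDOException $e) {
        echo 'concatenated query failed: ', $e->getMessage(), "\n";
        return false;
    }
}

// After: the SQL text is constant and the value is bound to a placeholder.
// The bound value travels as data and is never parsed as SQL, so no
// manual escaping is needed.
function insertPrepared(PDO $pdo, string $body): bool
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    return $stmt->execute([':body' => $body]);
}

// The string-built query breaks on the apostrophe in the first input.
insertConcatenated($pdo, $inputs[0]);

// The prepared statement accepts every input unchanged.
foreach ($inputs as $body) {
    insertPrepared($pdo, $body);
}

// Read the rows back and compare them with what was submitted.
$stored = $pdo->query('SELECT body FROM comments ORDER BY id')
              ->fetchAll(PDO::FETCH_COLUMN);
foreach ($stored as $row) {
    echo 'stored: ', $row, "\n";
}
echo 'round trip intact: ', var_export($stored === $inputs, true), "\n";
```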