Storing values with single quote in MySQL

Question

I started learning PHP coding earlier October, the issue which is causing my trouble is that my users need to store text in the database (and the text would probably contain single and double quotes). Whenever, I put a single quote in the text, it'd cause an error. I really need to store single and double quotes, otherwise the users would have errors when their text would contain phrases like: It's my car. For the meanwhile, I turn single quotes to double ones with str_replace.

The query which I use for inserting the text into the database is: INSERT INTO notes (text) VALUES ('$text')

Isn't there any fix for it?

This question can be closed now as I got my answer. Thank you StackOverflow. It's was quite awesome to have an answer within 2 minutes. — Areeb, Nov 29 '14 at 15:17
You should probably use prepared statements rather than trying to escape it yourself. That way, it will just do the right thing independent of the value you provide. There is a good example at http://php.net/manual/en/mysqli-stmt.bind-param.php. — Mats Kindahl, Nov 29 '14 at 15:49

score 6 · Accepted Answer · answered Nov 29 '14 at 15:03

6

You can use a function like mysql_real_escape_string to escape the string before storing it into the database.

answered Nov 29 '14 at 15:03

Jakub Arnold

85,596
89
230
327

Awesome! Got my answer! – Areeb Nov 29 '14 at 15:05

score 1 · Answer 2 · edited Mar 12 '15 at 20:31

1

Please use any of the following concepts:

Use the QUOTE() function
Use escaping

edited Mar 12 '15 at 20:31

Jamal

763
7
22
32

answered Nov 29 '14 at 15:05

abhijitcaps

594
8
7

Storing values with single quote in MySQL

2 Answers2