
I use this code (extract) to run an INSERT query against a MySQL DB:

        try{
            $s = $pdo->prepare("INSERT INTO crediti SET
                nota = '$nota',
                scad_nota = '$data_nota',
                chiusa = '$nota_chiusa'
            ");
            $s->execute();
        }
        catch (PDOException $e){
            $error .= 'Errore nel caricare il credito: '.$e->getMessage();
            $table .= '<td class="report err" colspan="2">'.$error.'</td>';
            //add an errored row to the count
            $g = $g + 1;
            continue;
        }

$nota takes some text that can contain a single quote, for example:

ceduto a Valentini nell'ottobre 2010

which, as you can see, contains a single quote between nell and ottobre (sorry for the Italian, but the meaning is not in scope here). How should I handle $nota to be able to insert it into the DB? With my current code it breaks because of that single quote:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ottobre..

I have read a lot on SO and googled around. I have read this question, and as far as I understand, my code shouldn't have any problem. Any help?

Lelio Faieta
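An added example, not part of the original post: the same insert done once with the value interpolated into the SQL text and once with bound placeholders. It assumes an in-memory SQLite database (pdo_sqlite) as a stand-in for MySQL so it runs offline, uses the `INSERT ... VALUES` form because SQLite has no `INSERT ... SET`, and the column types and the values of `$data_nota` and `$nota_chiusa` are constructed.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the MySQL database so the
// script runs offline. Column names come from the question; the column types
// and sample values are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE crediti (nota TEXT, scad_nota TEXT, chiusa INTEGER)');

$nota        = "ceduto a Valentini nell'ottobre 2010"; // value from the question
$data_nota   = '2010-10-31';                           // constructed sample
$nota_chiusa = 0;                                      // constructed sample

// 1) Interpolating the value into the SQL text: the apostrophe ends the string
//    literal early, so the database parses the rest of the note as SQL.
try {
    $s = $pdo->prepare("INSERT INTO crediti (nota, scad_nota, chiusa)
                        VALUES ('$nota', '$data_nota', '$nota_chiusa')");
    $s->execute();
    echo "interpolated: inserted\n";
} catch (PDOException $e) {
    echo "interpolated: failed: ", $e->getMessage(), "\n";
}

// 2) Named placeholders: the SQL text is constant and the values travel
//    separately, so quotes in $nota are plain data.
$s = $pdo->prepare('INSERT INTO crediti (nota, scad_nota, chiusa)
                    VALUES (:nota, :scad_nota, :chiusa)');
$s->execute([
    ':nota'      => $nota,
    ':scad_nota' => $data_nota,
    ':chiusa'    => $nota_chiusa,
]);

// Read the row back to confirm the note was stored unchanged.
$stored = $pdo->query('SELECT nota FROM crediti')->fetchColumn();
echo "bound: stored unchanged = ", var_export($stored === $nota, true), "\n";
```

On MySQL the placeholders work the same way inside the `INSERT INTO crediti SET nota = :nota, ...` form used in the question.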

0 Answers