-1

I have created a database for poll application called poll and tables called polls and users.

When I added SQL for second question:

INSERT INTO `poll`.`polls` (`id`, `question`, `starts`, `ends`) VALUES ('2', 'What''s your favourite web language?', NOW(), '2015-08-12');

Warning from title comes up. Here is export:

-- phpMyAdmin SQL Dump
-- version 4.2.12deb2
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Aug 10, 2015 at 02:46 PM
-- Server version: 5.5.44-0+deb8u1
-- PHP Version: 5.6.9-0+deb8u1

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `poll`
--

-- --------------------------------------------------------

--
-- Table structure for table `polls`
--

CREATE TABLE IF NOT EXISTS `polls` (
`id` int(11) unsigned NOT NULL,
  `question` text,
  `starts` date DEFAULT NULL,
  `ends` date DEFAULT NULL
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;

--
-- Dumping data for table `polls`
--

INSERT INTO `polls` (`id`, `question`, `starts`, `ends`) VALUES
(1, 'What do you think about new whey protein?', '2015-08-10', '2015-08-12'),
(2, 'What''s your favourite web language?', '2015-08-10', '2015-08-12');

--
-- Indexes for dumped tables
--

--
-- Indexes for table `polls`
--
ALTER TABLE `polls`
 ADD PRIMARY KEY (`id`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `polls`
--
ALTER TABLE `polls`
MODIFY `id` int(11) unsigned NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=3;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

Is it caused by second questions' apostrophe sign?

EDIT: This is not duplicate because I'm doing this in phpMyAdmin and I know what is SQL injection :)

Muhammad Hassaan
  • 7,296
  • 6
  • 30
  • 50
Nikola Stojaković
  • 2,257
  • 4
  • 27
  • 49

2 Answers2

1

There are two single quotes between What and s like What''s.

Try

INSERT INTO `poll`.`polls` (`id`, `question`, `starts`, `ends`) VALUES ('2', 'What\'s your favourite web language?', NOW(), '2015-08-12');+

Instead of

INSERT INTO `poll`.`polls` (`id`, `question`, `starts`, `ends`) VALUES ('2', 'What''s your favourite web language?', NOW(), '2015-08-12');

Note Use addslashes() in your PHP Code to void such issues.

Muhammad Hassaan
  • 7,296
  • 6
  • 30
  • 50
  • Just like I think :) Thanks. However, I sended another request with update for the question: UPDATE `poll`.`polls` SET `question` = 'What''s your favourite web language?' WHERE `polls`.`id` = 2; And little apostrophe is automatically added. – Nikola Stojaković Aug 10 '15 at 12:52
  • @JayBlanchard, I know what is going on. That method prevents escape string, but you're right. – Nikola Stojaković Aug 10 '15 at 12:54
  • @Nikola you can try `UPDATE poll.polls SET question = 'What\'s your favourite web language?' WHERE polls.id = 2;` – Muhammad Hassaan Aug 10 '15 at 13:00
  • I've already tried it, but then, more characters are added. (\ before \ and ' before '). This is ok , thanks. – Nikola Stojaković Aug 10 '15 at 13:05
  • If you learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) you'll never have these kinds of issues @Nikola – Jay Blanchard Aug 10 '15 at 14:47
  • @JayBlanchard I'm using prepared statements, but this is manullay added in phpmyadmin interface. – Nikola Stojaković Aug 10 '15 at 16:59
0

Try to consider sql_modes. It can control how MySQL treats errors.

You can set session sql_mode like:

SET SESSION sql_mode = 'NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION,ALLOW_INVALID_DATES'

The original post also tells you how to make it persistent.

Afante
  • 1