0

I'm having an issue with my MySQL query/PHP. I try to update a row in my database, which usually works, but not when the string has a ' in it, for example:

I don't like green eggs and ham.

The ' in it will cancel the whole response out and not update the row, so if I put something like this without the ' for example:

I dont like green eggs and ham.

The string will save to the row. Below is the MySQL query used and where I get the string from.

$NewMessage = $_POST['message123'];

mysql_query("UPDATE Account SET `function` = 'Message', `note` = '$NewMessage' WHERE `id` = '$ID' AND `Online` = '1'"); 

If you need any more source or anything, please let me know. Let me know what you think, thanks!

Melternet

3 Answers

0

Use *_real_escape_string

$NewMessage = mysql_real_escape_string($_POST["message123"]);

But of course, the mysql_* API is already deprecated, and I would recommend that you use prepared statements instead.

Logan Wayne
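
The prepared-statement approach recommended in the answer above, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the helper names `updateNote` and `readNote`, the table definition and the sample messages are constructed for illustration.

```php
<?php
// Assumption: in-memory SQLite stands in for the MySQL server so this runs
// offline; against MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed table with the columns used in the question's UPDATE.
$pdo->exec('CREATE TABLE Account (`id` INTEGER PRIMARY KEY, `function` TEXT,
            `note` TEXT, `Online` INTEGER)');
$pdo->exec("INSERT INTO Account (`id`, `function`, `note`, `Online`)
            VALUES (1, '', '', 1), (2, '', '', 1)");

// Hypothetical helper: the SQL text is fixed and the values are bound
// separately, so a quote in $message is data and never ends the string literal.
function updateNote(PDO $pdo, int $id, string $message): int
{
    $stmt = $pdo->prepare(
        'UPDATE Account SET `function` = :fn, `note` = :note
         WHERE `id` = :id AND `Online` = 1'
    );
    $stmt->bindValue(':fn', 'Message');
    $stmt->bindValue(':note', $message);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows updated
}

// Hypothetical helper: read the stored note back, also with a bound parameter.
function readNote(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT `note` FROM Account WHERE `id` = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return (string) $stmt->fetchColumn();
}

// Constructed messages standing in for $_POST['message123'].
$messages = [
    1 => "I don't like green eggs and ham.",
    2 => 'Quotes \' and " and a backslash \\ are stored as typed.',
];
foreach ($messages as $id => $message) {
    $updated = updateNote($pdo, $id, $message);
    $stored  = readNote($pdo, $id);
    printf("id=%d updated=%d intact=%s note=%s\n", $id, $updated,
        $stored === $message ? 'yes' : 'no', $stored);
}
```
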
0

Hey friend, you need to change the single ' to '' (the single comma two times). Then it will insert your value correctly in the table; otherwise it generates an error.

Real escape string is used where we need a value like this: doest. If we use a value in the database like it does't, then the right one is to use '' (the single comma two times), not double commas.

0

Simply use addslashes(). To read more about it, click here.

E.g., in your code, simply use addslashes(), something like this:

$NewMessage = addslashes($_POST['message123']);

I hope it will work for you.

Yatin Khullar