
I need to insert (for example: "ABC") into my WAMP db. I'm using the str_replace method for this. The code is shown below:

```php
$currAddr=str_replace(array("'","\"", "&quot;"),"'",htmlspecialchars($_POST["currentadd"]));
```

I'm trying to replace single quotes with a backslash and double quotes with &#39 in my db, because as per my code single and double quotes can't be inserted directly into the db.

This code is not working as I expected. I'm not getting what's wrong in this. Any help here...

  • If you were to work with prepared statements, this would be so unnecessary.. – Naruto Oct 13 '15 at 10:05
  • OK, the duplicate isn't a "duplicate" at all, but seriously, avoiding SQL injection/preserving SQL syntax **is a solved problem which does not need yet another bad reinvention.** Do it the right way and this question becomes obsolete. – deceze Oct 13 '15 at 10:28
  • This code is working when I do it in real time. But it is not working when I do it on localhost using the WAMP server. – Kirataka Oct 13 '15 at 12:24
  • @Paul but that link is for SELECT ... not for INSERT query right... ?!! – Kirataka Oct 13 '15 at 12:27
  • `$currAddr=str_replace('\'', ' ', $_POST["currentadd"]); $currAddr=str_replace('"', ' ', $currAddr);` I did this & I'm getting for double quote.. but not for single quote... – Kirataka Oct 13 '15 at 13:05

0 Answers
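The prepared-statement approach the comments point to, as an added example that is not part of the original thread: the value is bound as a parameter on INSERT, stored unchanged, and HTML-encoded only when it is written into a page. The in-memory SQLite database, the `applicants` table and the sample input are assumptions made so the script runs on its own.

```php
<?php
// Assumptions: in-memory SQLite stands in for the WAMP MySQL database and the
// table name "applicants" is hypothetical. For MySQL only the DSN changes,
// e.g. new PDO('mysql:host=localhost;dbname=...;charset=utf8mb4', $user, $pass).

function saveAddress(PDO $db, string $address): int
{
    // The value travels separately from the SQL text, so quotes in it are
    // data, never syntax. No str_replace() or htmlspecialchars() on the way in.
    $stmt = $db->prepare('INSERT INTO applicants (current_addr) VALUES (:addr)');
    $stmt->execute([':addr' => $address]);
    return (int) $db->lastInsertId();
}

function loadAddress(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT current_addr FROM applicants WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

function renderAddress(string $address): string
{
    // HTML-encode at output time; ENT_QUOTES also encodes single quotes.
    return htmlspecialchars($address, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applicants (id INTEGER PRIMARY KEY, current_addr TEXT NOT NULL)');

// Constructed stand-in for $_POST["currentadd"], containing both quote types.
$input = '12 "ABC" Road, O\'Brien House';

$id     = saveAddress($db, $input);
$stored = loadAddress($db, $id);

var_dump($stored === $input);          // compares the stored value with the input
echo renderAddress($stored), PHP_EOL;  // encoded form for use inside HTML
```

The same `prepare()`/`execute()` pattern applies to SELECT, UPDATE and DELETE, not only INSERT.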