How to Escaping Single Quotes With mysqli_real_escape_string?

Question

My code is like this :

My array of city (echo '<pre>';print_r($city);echo '</pre>';die();) :

Array
(
    [0] => Array
        (
            [CityCode] => 14879
            [CityName] => Soldeu
        )

    [1] => Array
        (
            [CityCode] => 14881
            [CityName] => Ari'nsal
        )

    [2] => Array
        (
            [CityCode] => 14882
            [CityName] => El Tarter
        )

    [3] => Array
        (
            [CityCode] => 14883
            [CityName] => Grau Roig
        )

    [4] => Array
        (
            [CityCode] => 175198
            [CityName] => Llorts
        )

)

In city code : 14881, city name : Ari'nsal

It's single quote in string.

I try code like this :

$date = date('Y-m-d H:i:s');   

            $sql = "INSERT INTO hotel_search_city (nation_code, city_code, city_name, created_at, updated_at) values ";

            $valuesArr = array();
            foreach($city as $row){

                $nation_code = $value->nation_code;

                $city_code = $row['CityCode'];
                $city_name = mysqli_real_escape_string($row['CityName']);
                $created_at = $date;
                $updated_at = $date;

                $valuesArr[] = "('$nation_code', '$city_code', '$city_name', '$created_at', '$updated_at')";
            }

            $sql .= implode(',', $valuesArr);

            $query = $sql;
            $this->db->query($query);

There exist error like this : Message: mysqli_real_escape_string() expects exactly 2 parameters, 1 given....

Any solution to solve my problem?

Thank you very much

Answer 1

$date = date('Y-m-d H:i:s');   
$sql = "INSERT INTO hotel_search_city (nation_code, city_code, city_name, created_at, updated_at) values (?, ?, ?, ?, ?)";

foreach ($city as $row) {
    $nation_code = $value->nation_code;
    $city_code = $row['CityCode'];
    $city_name = $row['CityName'];
    $created_at = $date;
    $updated_at = $date;

    $fields = array($nation_code, $city_code, $city_name, $created_at, $updated_at);
    $this->db->query($query, $fields);
}

or

$date = date('Y-m-d H:i:s');   

foreach ($city as $row) {
    $fields = array(
      'nation_code' => $value->nation_code,
      'city_code' => $row['CityCode'],
      'city_name' => $row['CityName'],
      'created_at' = $date,
      'updated_at' = $date
    );

    $this->db->insert('hotel_search_city', $fields);
}