How to avoid apostrophe error in php

Question

Through the following code, I am updating the data which is already stored in the database. But when I click on my update button it's showing the following error:

"You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 're thinking a few times especially during the execution stage where things don't' at line 1".

I am unaware about why this error is showing only when there is apostrophe in my content(' or '). It is showing error for those words which has apostrophe like don't, you're, etc., during Inserting it is not showing but during updating,it is showing.

if(isset($_GET['edit'])){

$edit_id = $_GET['edit'];

$edit_query = "select * from blogs where blog_id= '$edit_id' ";

$run_edit = mysql_query($edit_query)or die(mysql_error()); 

while ($edit_row=mysql_fetch_array($run_edit)){


    $blog_id = $edit_row['blog_id'];
    $blog_title = $edit_row['blog_title'];
    $blog_author = $edit_row['blog_author'];
    $blog_image = $edit_row['blog_image'];
    $blog_content = $edit_row['blog_content'];
}
}
?>

<form method="post" action="edit_blog.php?edit_form=<?php echo $edit_id; ?>" enctype="multipart/form-data">

<table width="600" bgcolor="orange" align="center" border="10">

    <tr>
        <td align="center" bgcolor="yellow" colspan="6"><h1>Edit The Blog Here</h1></td>
    </tr>

    <tr>
        <td align="right">Blog Title:</td>
        <td><input type="text" name="title" size="30" value="<?php echo $blog_title; ?>"></td>
    </tr>

    <tr>
        <td align="right">Blog Author:</td>
        <td><input type="text" name="author" size="30"value="<?php echo $blog_author; ?>"></td>
    </tr>

    <tr>
        <td align="right">Blog Image:</td>
        <td>
        <input type="file" name="image" >
        <img src="../imaged/<?php echo $blog_image;?>" width="100" height="100"> </td>
    </tr>

    <tr>
        <td align="right">Blog Content:</td>
        <td><textarea name="content" cols="30" rows="15"><?php echo $blog_content; ?></textarea></td>
    </tr>

    <tr>
        <td align="center" colspan="6"><input type="submit" name="update" value="Update Now"></td>
    </tr>       
</table>

</form>
</body>
</html>    
<?php

if(isset($_POST['update'])){

$update_id = $_GET['edit_form'];
$blog_title1 = $_POST['title'];
  $blog_date1 = date('y-m-d');
  $blog_author1 = $_POST['author'];
  $blog_content1 = $_POST['content'];
  $blog_image1= $_FILES['image']['name'];
  $image_tmp= $_FILES['image']['tmp_name'];

if($blog_title1=='' or $blog_author1=='' or  $blog_content1=='' or $blog_image1==''){

echo "<script>alert('Any of the fields is empty')</script>";
exit();
}

else {

 move_uploaded_file($image_tmp,"../imaged/$blog_image1");

    $update_query = "update blogs SET blog_title='$blog_title1',blog_date='$blog_date1',blog_author='$blog_author1',blog_image='$blog_image1',blog_content='$blog_content1' where blog_id='$update_id' ";

    if(mysql_query($update_query) or die(mysql_error())){

    echo "<script>alert('blog has been updated')</script>";

    echo "<script>window.open('view_blog.php','_self')</script>";

    }

   }
 }
?>

The error seems very clear : the apostrophe. Try replacing it by something else before using it in your SQL. — Jose Manuel Abarca Rodríguez, Jun 01 '16 at 19:45
I didn't get you.Will you please elaborate. @JoseManuelAbarcaRodríguez — doe john, Jun 01 '16 at 19:53
@Xorifelse It won't destroy your data, since `mysql_query()` will not execute multiple queries. I'm getting very tired of this misinformation. You can't believe everything you read in XKCD. — Barmar, Jun 01 '16 at 20:00
thanks @JoseManuelAbarcaRodríguez .I am still stuck even after using it.Will you please suggest me proper syntax/code as I am new to mysql and php. — doe john, Jun 01 '16 at 20:14
`$title = "I'm not here";` , `$title = str_replace( "'","#",$title );` , `$ss = "update blogs SET blog_title='$title'";` , `echo $ss;` . I can't show the backtick char, instead of it, I used #, but you have to replace the # by the backtick char. Get the idea? — Jose Manuel Abarca Rodríguez, Jun 01 '16 at 20:22
you are awesome @JoseManuelAbarcaRodríguez. Thanks a lot man !! :) — doe john, Jun 01 '16 at 20:32
Just learned how to insert backtick here in comments : `$title = "I'm not here";` , ``$title = str_replace( "'","`",$title );`` , `$ss = "update blogs SET blog_title='$title'";` , `echo $ss;` . — Jose Manuel Abarca Rodríguez, Jun 01 '16 at 20:46

How to avoid apostrophe error in php

0 Answers0