Send ' symbol through mysql

Asked Sep 22 '16 at 11:46

Active Sep 22 '16 at 11:46

Viewed 44 times

I have got a php code

$Txt=$_POST['chat_txt'];
$Txt=trim($Txt);
$Txt=htmlspecialchars($Txt);
$Txt=preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "\n", $Txt);
$ins=$con->query("INSERT INTO chat (Message,From_) VALUES('$Txt','$NameId')");

And if $Txt is We're then it is going to return an error about right to use syntax.What do i have to do to prevent that?

asked Sep 22 '16 at 11:46

J.Doe

Use prepared statements to get MySQL to escape strings correctly. – apokryfos Sep 22 '16 at 11:48
@apokryfos aren't there any other way? – J.Doe Sep 22 '16 at 11:49
use `mysql_real_escape_string` or `addslashes`, can be a start. – Phiter Sep 22 '16 at 11:49
addslashes can be a replacement for your preg_replace, in this case. – Phiter Sep 22 '16 at 11:49
1

Well, there's countless other ways. However prepared statements is the most reliable one. – apokryfos Sep 22 '16 at 11:50
@apokryfos what about addslashes? – J.Doe Sep 22 '16 at 11:51
@J.Doe addslashes doesn't deal with the DB encoding, just the PHP-side encoding. It would probably be fine if everything is in Unicode. – apokryfos Sep 22 '16 at 11:52
@apokryfos well it worked for me – J.Doe Sep 22 '16 at 11:53

Send ' symbol through mysql

0 Answers0