Inserting a chat message into a database

Question

So I use the following line of code to insert a chat message into my MySQL database:

$this->db->query("INSERT INTO group_messages (group_message_text,group_message_group_id,group_message_user_id) VALUES ('$message','$group_id','$user_id');");

This works great until the users tries to use characters like ' or emoji's. How do I handle that properly?

research for sql-injections, PDO, *_real_escape_string etc – donald123 Dec 05 '16 at 11:33 — donald123, Dec 05 '16 at 11:33
You should try to use Prepared statements. – Masivuye Cokile Dec 05 '16 at 11:35 — Masivuye Cokile, Dec 05 '16 at 11:35

score 0 · Answer 1 · edited May 23 '17 at 12:08

0

To store emoji's in your database you have to store it in utf8mb4. See this answer.

You should also escape your text bevor storing it into the database. See this answer as well.

edited May 23 '17 at 12:08

Community

1
1

answered Dec 05 '16 at 11:32

Leon Husmann

664
1
6
25

score 0 · Answer 2 · answered Dec 05 '16 at 11:41

0

Might be the Syntax error:

Please try using 
$this->db->query("INSERT INTO group_messages (group_message_text,group_message_group_id,group_message_user_id) VALUES ('".$message."','".$group_id."','".$user_id."');");

Hope this will help :)

answered Dec 05 '16 at 11:41

Binit Ghetiya

1,919
2
21
31

Inserting a chat message into a database

2 Answers2