1

I'm trying to replace a single quote mark when importing some data using LOAD DATA LOCAL FILE into MySQL... here is my query in PHP

$sql = "LOAD DATA LOCAL INFILE 'uploaded_files/uploaded.csv'
        INTO TABLE results
        FIELDS TERMINATED BY ','
        OPTIONALLY ENCLOSED BY '\"' 
        LINES TERMINATED BY '\\r\\n'
        IGNORE 1 LINES
        (Place, RaceNumber, Time, Firstname, Surname, Category,
         FirstInGroup, Notes, AdditionalNotes, club, Fullname)
        SET randomCode = '" .$random_code. "',
        distance = '" .$_POST["distance"]."',
        location = '" .$_POST["location"]."',
        DistanceName = '" .$_POST["distanceName"]."',
        intYear = '" .$_POST["intYear"]."',
        RaceDate = '" .$_POST["raceDate"]."',
        Race = '" .$_POST["race"]."',
        event = '" .$_POST["event"]."',
        raceID = '" .$_POST["raceID"]."',
        Time = replace(Time,'.',':'),
        Fullname = replace(Fullname,''','''');
        ";

my problem is the Fullname = replace(Fullname,''',''''); doesn't work, i need to replace ' with '' but its already inside a string, how should the line look?

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Mike Todd
  • 71
  • 1
  • 2
  • 5
  • Use prepared/parameterized queries and never worry about escaping queries again – JimL Apr 07 '17 at 08:13
  • do not directly post from your html form. Very dangerous. Please tell me this is not in production – Rotimi Apr 07 '17 at 08:13
  • 1
    Possible duplicate of [When to use single quotes, double quotes, and backticks in MySQL](http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql) – Masivuye Cokile Apr 07 '17 at 08:29

0 Answers0