1

My insert into query fails if the data that i want to insert contains '

Here is the code:

$sql= "INSERT INTO user (username,password,first_name,Age,race,gender,address,father_name,hpfather_no,father_occupation,father_identitycard,mother_name,hpmother_no,mother_occupation,mother_identitycard,session,batch_id,user_type,user_id) values ('$username','$password','$first_name','$Age','$race','$gender','$address','$father_name','$hpfather_no','$father_occupation','$father_identitycard','$mother_name','$hpmother_no','$mother_occupation','$mother_identitycard','$Session','$batch_id','user','$user_id')";

i want to insert the value ' inside the address but it will output an error which is:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near

KingJ
  • 113
  • 1
  • 7
  • I believe user is a reserved word in mySql.... also should 'user' -> '$user' in values section? – Vbudo Apr 14 '19 at 06:09
  • 1
    If you use prepared statements you will find that issues with quotes etc. will not be a problem. This also solves issues with security and possible SQL injection issues. – Nigel Ren Apr 14 '19 at 06:10
  • use mysql_real_escape_string($address); – Nikhil S Apr 14 '19 at 06:14
  • thanks i used mysqli_real_escape_string it works now thank you – KingJ Apr 14 '19 at 06:24
  • 1
    Don't use `mysqli_real_escape_string()` - https://stackoverflow.com/questions/36145598/when-should-i-use-php-mysqli-real-escape-string-function – Nigel Ren Apr 14 '19 at 06:28

0 Answers0