0

I have for example an objec room which has an atribute floor which is text.
Let's say that $room->floor = "hi i'm a floor"

my querry statement would be
"UPDATE room SET floor=$room->floor where id=room->id"

when I insert it with php into a mysql db it gives an error because the '. How can i prevent this?

Edited by pritaeas: Added markdown.

3
Contributors
4
Replies
21
Views
4 Years
Discussion Span
Last Post by broj1
1

Escape the values in the query using your databases's escape function. If you use mysqli the function is mysqli_real_escape_string (or mysqli::real_escape_string if you do it OOP way).

$query = "UPDATE room SET floor='" . mysql_real_escape_string($room->floor) . "' where id=room->id";

Edited by broj1

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.