0

Hi
I take data from a html form to inseert to mysql, sometimes that data has single and double quotes in it. How do you get the quotes to be part of the string so i can add to mysql.

Hers what I have, but this still gives me a sql error.

if (!empty($_REQUEST['atitle'])){
                     $title = $_REQUEST['atitle'];
                  }
                  else{
                     $title = NULL;
                   }
                   if (!empty($_REQUEST['acontent'])){
                      $content = $_REQUEST['acontent'];
                   }
                   else{
                      $content = NULL;
                      echo "<span class='text'><p>Enter content for the News Item</p></span>";
                    }
                if ($title && $content){    
      $query = "INSERT INTO projects VALUES (NULL, '"mysql_real_escape_string($atitle)"', '"mysql_real_escape_string($acontent)"', '$remote_file', '$remote_file1', '$remote_file2')";
      $result = mysql_query($query);
      if(!$result){
         $error = 'An error occured: '. mysql_error().'<br />';
         $error.= 'Query was: '.$query;
         echo $error;
         die($message);
      }

Thanks for looking..................

2
Contributors
4
Replies
32
Views
4 Years
Discussion Span
Last Post by diafol
0

On further inspection this seems to be esaping the double quotes but not the single quotes!

Anyone know why?

0

You need to concatenate (.):

$query = "INSERT INTO projects VALUES (NULL, '" . mysql_real_escape_string($atitle) . "', '" . mysql_real_escape_string($acontent) . "', '$remote_file', '$remote_file1', '$remote_file2')";
0

Now I get this error
An error occured: Column count doesn't match value count at row 1
Query was: INSERT INTO projects VALUES (NULL, ''', ''', '', '', '')

But only when there are single quotes, works ok for double quotes!

0
$atitle = mysql_real_escape_string($atitle);
$acontent = mysql_real_escape_string($acontent);

$query = "INSERT INTO projects VALUES (NULL, '$atitle', '$acontent', '$remote_file', '$remote_file1', '$remote_file2')";
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.