how to insert text with a ' into a db with php

Question

nevek 0 Newbie Poster

11 Years Ago

I have for example an objec room which has an atribute floor which is text.
Let's say that $room->floor = "hi i'm a floor"

my querry statement would be
"UPDATE room SET floor=$room->floor where id=room->id"

when I insert it with php into a mysql db it gives an error because the '. How can i prevent this?

php

Edited 11 Years Ago by pritaeas because: Added markdown.

3 Contributors
4 Replies
194 Views
2 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by broj1

All 4 Replies

broj1 356 Humble servant

11 Years Ago

Escape the values in the query using your databases's escape function. If you use mysqli the function is mysqli_real_escape_string (or mysqli::real_escape_string if you do it OOP way).

$query = "UPDATE room SET floor='" . mysql_real_escape_string($room->floor) . "' where id=room->id";

Edited 11 Years Ago by broj1

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

AARTI SHRIVAS 2 Posting Pro in Training · Answer 1 · 2013-03-11T09:58:34+00:00

"UPDATE room SET floor=$room->floor where id=room->$id"

try this and post your code complitely

nevek 0 Newbie Poster · Answer 2 · 2013-03-11T10:07:10+00:00

nevek 0 Newbie Poster

11 Years Ago

thank you broj1, it works

broj1 356 Humble servant Featured Poster · Answer 3 · 2013-03-11T12:36:23+00:00

broj1 356 Humble servant

11 Years Ago

You are welcome. Please mark as solved. Happy coding.

how to insert text with a ' into a db with php

Recommended Answers Collapse Answers

All 4 Replies

Recommended Answers