Member Avatar for GlenRogers

Hi
I take data from a html form to inseert to mysql, sometimes that data has single and double quotes in it. How do you get the quotes to be part of the string so i can add to mysql.

Hers what I have, but this still gives me a sql error.

if (!empty($_REQUEST['atitle'])){
                     $title = $_REQUEST['atitle'];
                  }
                  else{
                     $title = NULL;
                   }
                   if (!empty($_REQUEST['acontent'])){
                      $content = $_REQUEST['acontent'];
                   }
                   else{
                      $content = NULL;
                      echo "<span class='text'><p>Enter content for the News Item</p></span>";
                    }
                if ($title && $content){    
      $query = "INSERT INTO projects VALUES (NULL, '"mysql_real_escape_string($atitle)"', '"mysql_real_escape_string($acontent)"', '$remote_file', '$remote_file1', '$remote_file2')";
      $result = mysql_query($query);
      if(!$result){
         $error = 'An error occured: '. mysql_error().'<br />';
         $error.= 'Query was: '.$query;
         echo $error;
         die($message);
      }

Thanks for looking..................

  • 2 Contributors
  • 4 Replies
  • 397 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by diafol

Recommended Answers

All 4 Replies

Member Avatar for GlenRogers

On further inspection this seems to be esaping the double quotes but not the single quotes!

Anyone know why?

Member Avatar for diafol

You need to concatenate (.):

$query = "INSERT INTO projects VALUES (NULL, '" . mysql_real_escape_string($atitle) . "', '" . mysql_real_escape_string($acontent) . "', '$remote_file', '$remote_file1', '$remote_file2')";
Member Avatar for GlenRogers

Now I get this error
An error occured: Column count doesn't match value count at row 1
Query was: INSERT INTO projects VALUES (NULL, ''', ''', '', '', '')

But only when there are single quotes, works ok for double quotes!

Member Avatar for diafol 
$atitle = mysql_real_escape_string($atitle);
$acontent = mysql_real_escape_string($acontent);

$query = "INSERT INTO projects VALUES (NULL, '$atitle', '$acontent', '$remote_file', '$remote_file1', '$remote_file2')";
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.