Today I faced a big problem in my recent project with the single quote ( ' ). I couldn't submit data containing this quote ( ' ) to my database. :'(
When I set my $value= ' my father's ';
with this ( ' ), I get an error. Here it is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's
Then what...? What can I do?
mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
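Example:

    // Raw form input; it may contain quotes, as in "my father's".
    $description = $_POST['description'];
    // Escape special characters for the current MySQL connection.
    $escaped_description = mysql_real_escape_string($description);
    $sql = "INSERT INTO TABLE_NAME (post_description)
            VALUES ('" . $escaped_description . "')";

This works perfectly.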
Note : This would allow anyone to log in without a valid password.
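An added example, not code from the original post: the same insert done with a PDO prepared statement, the usual replacement for mysql_real_escape_string() since the mysql_* extension was deprecated in PHP 5.5.0 and removed in PHP 7.0.0. The posts table, the sample input and the in-memory SQLite database (used so the script runs offline) are assumptions; with MySQL you would change the DSN and credentials.

```php
<?php
// Added example. Assumptions: the "posts" table and the sample input are
// constructed; SQLite in memory stands in for MySQL so this runs offline.
// For MySQL: new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass)
// and set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, post_description TEXT)');

// Builds the statement by string concatenation, as in the failing case:
// the apostrophe closes the SQL string literal early.
function insertConcatenated(PDO $pdo, string $description): ?string
{
    try {
        $pdo->exec("INSERT INTO posts (post_description) VALUES ('" . $description . "')");
        return null;                 // no error
    } catch (PDOException $e) {
        return $e->getMessage();     // syntax error reported by the driver
    }
}

// Sends the SQL text and the value separately; the value is never parsed as SQL.
function insertPrepared(PDO $pdo, string $description): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (post_description) VALUES (:description)');
    $stmt->execute([':description' => $description]);
    return (int) $pdo->lastInsertId();
}

$description = "my father's";        // constructed input from the post

$error = insertConcatenated($pdo, $description);
echo 'Concatenated: ', $error === null ? 'inserted' : "failed ($error)", PHP_EOL;

$id = insertPrepared($pdo, $description);
$read = $pdo->prepare('SELECT post_description FROM posts WHERE id = :id');
$read->execute([':id' => $id]);
$stored = $read->fetchColumn();

echo 'Prepared: row ', $id, ' stores ', var_export($stored, true), PHP_EOL;
echo $stored === $description ? 'Round trip OK' : 'Mismatch', PHP_EOL;
```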