MySQL Query Using Quotes and Apostrophes

Posted on 2011-10-24
Last Modified: 2012-06-27
So I posted earlier and got help on running update and insert queries, but now I have a different problem. I want to know what the best way is to run a select query based on an input field.

So for example, I have a field which posts to a page and is included in the WHERE statement: "SELECT * FROM table WHERE UserID=$userID AND Field1='$input'"

The $input variable is the field the user enters on the prior page. But if I use an apostrophe, it errors out. How can I do this??

Also..... Quotes work, but I really don't care about that. I'd rather be able to use an apostrophe if I had to choose...
Question by:brendan-amex

    Expert Comment

    You will want to use the php function mysql_real_escape_string() to sanitize the data for your query.

    Assisted Solution

    I guess I could give an example:


    Then run your query again and see if it works.

    Accepted Solution

    I use a handy function to sanitise and quote input as required for sql queries...

    function check_input($value)
    {
      // Strip the slashes that magic_quotes_gpc (removed in PHP 5.4) adds to request data
      if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        $value = stripslashes($value);
      // Quote and escape unless the value is a number; mysql_real_escape_string()
      // needs an open mysql_connect() link so it escapes for the connection's charset
      if (!is_numeric($value))
        $value = "'" . mysql_real_escape_string($value) . "'";
      return $value;
    }

    To use this with your query:
    // to prevent SQL Injection, sanitise ALL form input
    $userID = check_input($_REQUEST['userID']);
    $input = check_input($_REQUEST['input']);
    // note: quoting variables is no longer required in the sql statement.
    $sql = "SELECT * FROM table WHERE UserID=$userID AND Field1=$input";

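The same lookup written with a prepared statement, which sidesteps the apostrophe problem because the user's value is sent separately from the SQL text instead of being spliced into it. This is an added example, not code from the thread; it assumes a mysqli connection, the question's `table` with columns UserID and Field1, and placeholder credentials.

```php
<?php
// Added example (not from the original thread): prepared statements instead of
// string escaping. Assumes a mysqli connection and the question's table layout.

function find_rows(mysqli $db, int $userID, string $input): array
{
    // The ? placeholders are filled by the driver, so an apostrophe (or any other
    // character) in $input never changes the structure of the query.
    $stmt = $db->prepare('SELECT * FROM `table` WHERE UserID = ? AND Field1 = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('is', $userID, $input);   // i = integer, s = string
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// If the SQL string really has to be built by hand, escape against the live
// connection so the escaping matches the connection's character set.
function quote_for_sql(mysqli $db, string $value): string
{
    return "'" . $db->real_escape_string($value) . "'";
}

$db = new mysqli('localhost', 'dbuser', 'dbpass', 'dbname');   // placeholder credentials
$db->set_charset('utf8mb4');

// Constructed input containing an apostrophe, the case that broke the original query
$rows = find_rows($db, 42, "O'Brien");
foreach ($rows as $row) {
    echo $row['Field1'], "\n";
}
```

The escaping helper is kept only for the rare case where a value cannot be bound; for ordinary WHERE comparisons the prepared statement is the whole fix.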

    Author Closing Comment

    I like both answers. Thank you
