Solved

PHP isert quer help needed

Posted on 2014-04-18
5
311 Views
Last Modified: 2014-05-04
Hi guys
I have the following query.
When I an insert query contains a quote (e.g. Kellog's), it fails to insert a record.

Can I just add mysql_real_escape_string around line 24?

mysql_real_escape_string(('$tkw', '$PID','$KWtkid','$kwSource_bulk','$kwType'))

Will this work?

Thanks

Matt
sample.txt
0
Comment
Question by:matthewdacruz
5 Comments
 
LVL 3

Assisted Solution

by:bayoubeast
bayoubeast earned 250 total points
Comment Utility
You should use mysqli_real_escape_string and it should work.  mysql_real_escape_string should work too, but it's going to go away eventually.  You're missing some quotes in your post too, should be something like:

$inserts_sup[] = mysql_real_escape_string("('$tkw', '$PID','$KWtkid','$kwSource_bulk','$kwType')");

Open in new window


http://us3.php.net/mysql_real_escape_string
http://us3.php.net/manual/en/mysqli.real-escape-string.php
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 125 total points
Comment Utility
no. you need to escape each of the values and not the whole insert block or your query will break.

rather do something like

foreach (array('tkw', 'PID','KWtkid','kwSource_bulk','kwType') as varname)
  $$varname=mysql_real_escape_string($$varname);

$inserts_sup[] = "      ('$tkw', '$PID','$KWtkid','$kwSource_bulk','$kwType')";

i personally often user var_export (or addcslashes). advantage is that it is reversible, con is that it is vulnerable to injections using c escape sequences. in web server contexts, this is generally not a problem because they'd be handled beforehand.
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 125 total points
Comment Utility
Please see the article here.  It shows in detail, with examples, how to prepare data for use in a query, using either MySQLi or PDO.  It also shows what you must do to keep your scripts running in the future.  You cannot depend on MySQL any more.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html

This page gives a mapping of the familiar but obsolete MySQL extensions to the current MySQLi and PDO extensions.
http://iconoun.com/mysql_mysqli_pdo_function_map.php

In case you're new to PHP and want to find some sturdy learning resources, check this out:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0
 
LVL 3

Accepted Solution

by:
bayoubeast earned 250 total points
Comment Utility
Oops, yes they're right you need to use the function to escape each variable individually.
0
 

Author Closing Comment

by:matthewdacruz
Comment Utility
Thanks Guys
Lot to think about
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
This article discusses how to create an extensible mechanism for linked drop downs.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now