Solved

PHP isert quer help needed

Posted on 2014-04-18
5
314 Views
Last Modified: 2014-05-04
Hi guys
I have the following query.
When I an insert query contains a quote (e.g. Kellog's), it fails to insert a record.

Can I just add mysql_real_escape_string around line 24?

mysql_real_escape_string(('$tkw', '$PID','$KWtkid','$kwSource_bulk','$kwType'))

Will this work?

Thanks

Matt
sample.txt
0
Comment
Question by:matthewdacruz
5 Comments
 
LVL 3

Assisted Solution

by:bayoubeast
bayoubeast earned 250 total points
ID: 40009838
You should use mysqli_real_escape_string and it should work.  mysql_real_escape_string should work too, but it's going to go away eventually.  You're missing some quotes in your post too, should be something like:

$inserts_sup[] = mysql_real_escape_string("('$tkw', '$PID','$KWtkid','$kwSource_bulk','$kwType')");

Open in new window


http://us3.php.net/mysql_real_escape_string
http://us3.php.net/manual/en/mysqli.real-escape-string.php
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 125 total points
ID: 40010057
no. you need to escape each of the values and not the whole insert block or your query will break.

rather do something like

foreach (array('tkw', 'PID','KWtkid','kwSource_bulk','kwType') as varname)
  $$varname=mysql_real_escape_string($$varname);

$inserts_sup[] = "      ('$tkw', '$PID','$KWtkid','$kwSource_bulk','$kwType')";

i personally often user var_export (or addcslashes). advantage is that it is reversible, con is that it is vulnerable to injections using c escape sequences. in web server contexts, this is generally not a problem because they'd be handled beforehand.
0
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 125 total points
ID: 40010373
Please see the article here.  It shows in detail, with examples, how to prepare data for use in a query, using either MySQLi or PDO.  It also shows what you must do to keep your scripts running in the future.  You cannot depend on MySQL any more.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html

This page gives a mapping of the familiar but obsolete MySQL extensions to the current MySQLi and PDO extensions.
http://iconoun.com/mysql_mysqli_pdo_function_map.php

In case you're new to PHP and want to find some sturdy learning resources, check this out:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0
 
LVL 3

Accepted Solution

by:
bayoubeast earned 250 total points
ID: 40012933
Oops, yes they're right you need to use the function to escape each variable individually.
0
 

Author Closing Comment

by:matthewdacruz
ID: 40040089
Thanks Guys
Lot to think about
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can i Import Access Table Into Oracle Using Toad 36 171
wordpress on root is limiting my .htaccess 404.php options 4 26
AWS EC2 & RDS Instance 5 35
error log using ftp 7 40
Read about achieving the basic levels of HRIS security in the workplace.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question