Solved

PHP isert quer help needed

Posted on 2014-04-18
5
319 Views
Last Modified: 2014-05-04
Hi guys
I have the following query.
When I an insert query contains a quote (e.g. Kellog's), it fails to insert a record.

Can I just add mysql_real_escape_string around line 24?

mysql_real_escape_string(('$tkw', '$PID','$KWtkid','$kwSource_bulk','$kwType'))

Will this work?

Thanks

Matt
sample.txt
0
Comment
Question by:matthewdacruz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 3

Assisted Solution

by:bayoubeast
bayoubeast earned 250 total points
ID: 40009838
You should use mysqli_real_escape_string and it should work.  mysql_real_escape_string should work too, but it's going to go away eventually.  You're missing some quotes in your post too, should be something like:

$inserts_sup[] = mysql_real_escape_string("('$tkw', '$PID','$KWtkid','$kwSource_bulk','$kwType')");

Open in new window


http://us3.php.net/mysql_real_escape_string
http://us3.php.net/manual/en/mysqli.real-escape-string.php
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 125 total points
ID: 40010057
no. you need to escape each of the values and not the whole insert block or your query will break.

rather do something like

foreach (array('tkw', 'PID','KWtkid','kwSource_bulk','kwType') as varname)
  $$varname=mysql_real_escape_string($$varname);

$inserts_sup[] = "      ('$tkw', '$PID','$KWtkid','$kwSource_bulk','$kwType')";

i personally often user var_export (or addcslashes). advantage is that it is reversible, con is that it is vulnerable to injections using c escape sequences. in web server contexts, this is generally not a problem because they'd be handled beforehand.
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 125 total points
ID: 40010373
Please see the article here.  It shows in detail, with examples, how to prepare data for use in a query, using either MySQLi or PDO.  It also shows what you must do to keep your scripts running in the future.  You cannot depend on MySQL any more.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/PHP_Databases/A_11177-PHP-MySQL-Deprecated-as-of-PHP-5-5-0.html

This page gives a mapping of the familiar but obsolete MySQL extensions to the current MySQLi and PDO extensions.
http://iconoun.com/mysql_mysqli_pdo_function_map.php

In case you're new to PHP and want to find some sturdy learning resources, check this out:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0
 
LVL 3

Accepted Solution

by:
bayoubeast earned 250 total points
ID: 40012933
Oops, yes they're right you need to use the function to escape each variable individually.
0
 

Author Closing Comment

by:matthewdacruz
ID: 40040089
Thanks Guys
Lot to think about
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question