Forums »
  PHP Forums And Topics Discussions About Hyper Text Programming Language »
    how insert data into mysql when cannot use the ' carracter apostrophe

how insert data into mysql when cannot use the ' carracter apostrophe

Description: learn how insert data into mysql in this post will show you how to solve this problem when cannot use the carracter apostrophe PHP
Tags: how ,insert ,data ,into ,mysql ,when ,cannot ,use ,the ,carracter ,apostrophe
Posted On Wed Nov 29, 2006 By leni In PHP Forums And Topics Discussions About Hyper Text Programming Language Forums
I want to share this i learn here.

Last week i wrote a php script where it was a form, and once the form was submitted, it would enter the information into my mysql database, but for some reason, whenever the information data contain the apostrophe character (the apostrophe charactor is the one that's next to the enter key on your keyboard. Which is the apostrophe key? its this one: ' )

note: this asumes you are familiar with php, mysql and html.

this is an example of the data to be entered into the database when a user would submit the form with information:

This is an example of the apostrophe not being inserted into my datase when the user's information is entered


one thing i learned is that if the information was entered with the backlash character infront of the apostrophe it would work, so my input information would look like, it would work:
This is an example of the apostrophe not being inserted into my datase when the user\'s information is entered


Notice i basically changed user's to user\'s

If i were to try to enter this data into my database with my form, it wouldn't work. Finally, i figured out why it doesn't work. I figured out a PHP function to allow these specials characters into the database using ther INSERT or UPDATE commands.


But i know i couldn't have my visitors have to enter a \ character everytime they use the apostrophe character.

I found a php function that does the trick, its called the: mysql_real_escape_string()

So to understand the mysql_real_escape_string() function, i will show you how it works in a real example:

Lets say i have a form, where i ask the user's name, once the user submits the form, his name would be entered into a database.

the name of the input variable will be called "user_name" so the HTML code would like something like this:
<form method="post" action="">
<input type="text" name="user_name" value="wallpaperama's">
<br />
<br />
<input type="submit" name="Submit" value="Submit">
</form>


In this case, the value of user_name is equal to: wallpaperama's

now when its time for the PHP to process the variable user_name and inster into the data, i would use the mysql_real_escape_string() function to make it work, and this is how i would declare it in the php script

<?php
$user_name = mysql_real_escape_string ($_POST['user_name']);
?>


Now that the variable $user_name has been declared with the real strings, i can insert it into the database and mysql will take it withoug any problems.

<?php
$sql = "INSERT INTO users SET username = '".$user_name."' ";
?>



mysql_real_escape_string = Escapes special characters in a string for use in a SQL statement

Description
string mysql_real_escape_string ( string unescaped_string [, resource link_identifier] )

if you want more hel on this function, you can visit the official PHP website at:
http://www.php.net/manual/en/function.mysql-real-escape-string.php

Thanks and i hope it helps, i tried everywhere to find this, but no one would give me information because i didn't know how to explain it.

leni



Songbay Mon May 13, 2013
Thanks so much for this clear guide. I've been trying for ages to sort out the apostrophe problem on user entered data on my site. This worked perfectly for me. Thanks for taking the time to upload your instructions
Massy Sat Apr 28, 2012
This is also very important from a security perspective. What happens usually when you enter an apostrophe is that you manipulate the MySQL query with the '. This means a hacker can manipulate what the query is supposed to do.
shashi Tue Mar 20, 2012
That's good its really work.
JL Sun Mar 04, 2012
Thank You Thank You sir. dawned on me that an ' makes php think that your string has ended. your tut works perfect! :D
Leroy Sat Feb 11, 2012
Thank you so much for this. I searched the net and got so much other advice that did not work. This works and really makes sense.
fja3omega Thu Feb 09, 2012
Thank you very much. I was having a bit of trouble on this one.
shoaib Mon Jan 23, 2012
its nice but it causes another problem that after each inserted paragraph \n\r\ type characters are visible in the display
Derek Thu Dec 29, 2011
Awesome.
Was very helpful.
It's working.
Kris Fri Dec 09, 2011
I've been trying to figure out why my code wasnt working for WEEKS! thank you so much
Tom Tue Jul 26, 2011
You are the king - took me hours to find this gem - it works!
evan Mon Jul 18, 2011
thankyou so much! you save my day!
aljo1985 Mon May 02, 2011
Thankyou so much.
It was driving me crazy.
I thought I would have todo a string replace.
mendax Sat Apr 16, 2011
THANK YOU so much !!!!
Marcus Fri Apr 08, 2011
Thank's alot ' for apostrophe problem solution
Dave Sun Feb 13, 2011
Thanks a lot. Just what I was looking for. Magic Quotes are OFF in PHP nowadays, so stripslashes() and its partner are not available (because it caused more problems than it was worth). So this is the only way to get HTML form text with apostrophes into MySQL.
Arcel Wed Dec 29, 2010
good work homy, this helped me alot, ur smart Man!
Rafique Fri Nov 26, 2010
nyc work perhaps!! trim(stripslashes($_POST[
bob Sat Nov 13, 2010
Cheers for that - just what I was after - I'd been trying to construct a work around for this for ages
chipowski Sat Jul 24, 2010
thank you so much. you are a star. works perfectly
Aleron Fri Jul 16, 2010
Thanks leni, this solved exactly the prob I was having too, all the other posts made it seem much more complex than it is... Cheers bud!
sebestiraj Thu Jul 01, 2010
Thank You i understand very well about the mysql_real_escape_string( Its super Example. and another help is needed for me can u please give idea or solution to my problem. my problem is i create one sample cms to add news page using php in that all are success but the data is not in the database the page also show as empty page after i clicking that submit button in my form
can u please help me or give refference
Mek Mon Jun 14, 2010
It helps me today. Thanks. I was trying to build a forum app. I copy the raw code from the web.
jeff Thu May 20, 2010
Thank you sooooooo much for explaining this!! I wasn't sure how to fix this problem and don't understand php too well. This was super easy and it worked!! Blessings to you my friend!
Cruzader Tue May 11, 2010
Worked like a charm. Excellent job my friend. Thanks.
Jose Wed May 05, 2010
Wow, thanks a lot for creating this explanation. It was exactly what I was looking for. BTW, I'd be happy to edit this, grammar and spelling-wise, no offense intended. Just email me or reply to my comment. Again, thanks!
Sewakpreet Wed Mar 10, 2010
Thank you very much, it is really solve my big problum... Thanx
Dave Tue Mar 09, 2010
BAM -- now i can remove my **Do not post ' values ** crap form my site

this function == EPIC WIN
jaysoncdavid Wed Jan 20, 2010
Thanks,
I had problems with the apostrophe inserting in sql with the input box on my website fixmywpblog dot com and this solves all the problems.
Ron Mon Jan 18, 2010
Leni,

Thanks so much for this post! I had been struggling with this issue for many hours when I first saw this post. Worked like a charm!!
Dave Tue Dec 22, 2009
you are the man, i have been driving myself mad for almost a week trying to figure this one out. thanks mate. i will buy you a beer sometime.
capt38 Mon Jul 13, 2009
god bless you leni
Adam Fri May 29, 2009
this is exactly what i was looking for and solved my problem perfectly. thank you!!
Kent Fri Apr 17, 2009
thanks for doing this. it saved me too.
Siva Mon Mar 30, 2009
dear leni,
i am a begineer for php with mysql.i got fedup the prblm in apostrophes.your posting is very hel for me.i want know this function use for other special character like ambersand ~.i appricate your work.thanks for your help.
kindly regards
siva
cbo Tue Sep 02, 2008
i have this exact problem. how can i apply mysql_real_escape_string to this code?

$addition.="fname='$
Information
Title: how insert data into mysql when cannot use the ' carracter apostrophe
Info: This Post Has Been Viewed 0 Times Since
Date: Wed Nov 29, 2006
Author leni Received 46 Replies #975
PHP Tutorials- How To Replace Change Certain Letters Strings In Forms
Related Content
Related Pages
Related Sites
Add Your Website
Share
wallpaperama | Wallpapers | Forums | Terms Of Service

copyright © 2013 wallpaperama - All Rights Reserved - Last Updated Wed Jun 19, 2013 (-8 GMT)
Powered by: Webune Forums V5