23

I started learning PHP coding earlier October, the issue which is causing my trouble is that my users need to store text in the database (and the text would probably contain single and double quotes). Whenever, I put a single quote in the text, it'd cause an error. I really need to store single and double quotes, otherwise the users would have errors when their text would contain phrases like: It's my car. For the meanwhile, I turn single quotes to double ones with str_replace.

The query which I use for inserting the text into the database is: INSERT INTO notes (text) VALUES ('$text')

Isn't there any fix for it?

2
  • This question can be closed now as I got my answer. Thank you StackOverflow. It's was quite awesome to have an answer within 2 minutes. Commented Nov 29, 2014 at 15:17
  • 1
    You should probably use prepared statements rather than trying to escape it yourself. That way, it will just do the right thing independent of the value you provide. There is a good example at php.net/manual/en/mysqli-stmt.bind-param.php. Commented Nov 29, 2014 at 15:49

2 Answers 2

6

You can use a function like mysql_real_escape_string to escape the string before storing it into the database.

Sign up to request clarification or add additional context in comments.

1 Comment

Awesome! Got my answer!
1

Please use any of the following concepts:

  1. Use the QUOTE() function
  2. Use escaping

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.