0

I'm having an issue with my MySQL query/php, I try to update a row in my database that will work usually, but when the string has a ' in it, for example

I don't like green eggs and ham.

The ' in it will cancel the whole response out and not update the row, so if I put something like this without the ' for example:

I dont like green eggs and ham.

The string will save to the row. Below is the MySQL query used and where I get the string from.

$NewMessage = $_POST['message123'];

mysql_query("UPDATE Account SET `function` = 'Message', `note` = '$NewMessage' WHERE `id` = '$ID' AND `Online` = '1'");

If you need anymore source or anything, please let me know, let me know what you think, thanks!

Improve this question
7
  • 1
    mysql_real_escape_string better use prepared statement. Commented Sep 4, 2015 at 7:41
  • use mysql_real_escape_string before your variable Commented Sep 4, 2015 at 7:42
  • 1
    STOP using deprecated mysql_* API. Use mysqli_* or PDO with prepared statements. Commented Sep 4, 2015 at 7:43
  • @AbhikChakraborty Wow, forgot all about that, thanks it worked 100%, the smallest things slip me sometimes! Commented Sep 4, 2015 at 7:44
  • 1
    @Jens Will be using that starting in a few days, this is just for testing, thanks! Commented Sep 4, 2015 at 7:45

3 Answers 3

Reset to default
0

Use *_real_escape_string

$NewMessage = mysql_real_escape_string($_POST["message123"]);

But of course, mysql_* API is already deprecated and I would recommend to you to use prepared statement instead.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Will be using PDO very soon, this is just for testing, thanks!
0

Hey friend you are need to change single ' with '' commas 2 times. then it is insert your value correct in table other generate error.

Real escape string use where we are need value like this doest. if we user value in database like it does't then right one is use '' 2 time single commas no doule commas

Improve this answer

Comments

0

Use simply addslashes() To read more about it click here

E.g in you code simply use addslashes() something like this

$NewMessage = addslashes($_POST['message123']);

I hope it will work for you.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.