I am simply trying to insert these objects into a table with php.
$sql = 'INSERT INTO table VALUES( '.$active.' , '.$id.' , '.$time.' , '.$url.' ,"some string" )';
The url in the above code is: http://www.youtube.com/watch?v=sAYc3gGjYW8
When I leave the url column empty it works; when I put a URL in it, it doesn't work and I get the following error.
“Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near
‘://www.youtube.com/watch?v=sAYc3gGjYW8 ,”some string” )’
at line 1.”
QUESTION:
Why does the url not insert just like a normal string?
Is there some sort of function I need to perform on the url_string before it is accepted by MySQL?
PS – the url column is currently VARCHAR(256).
Any help appreciated guys…
You’re not escaping your inputs.
mysqli_real_escape_string() is your friend. Remember all input is evil. Validate and sanitize, otherwise you’re going to be subject to a whole host of nastiness, from data that’s out of bounds (124 char long strings when the field is varchar(10), for example) to opening your code up to SQL injection exploits.
Example:
Also, you might want to save yourself some keystrokes, change that string to a double quoted one and interpolate the variables – i.e.
"blah blah $some_var foo foo" is the same as 'blah blah ' . $some_var . ' foo foo'
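Added example, not part of the original thread: the query from the question run three ways, showing that the URL fails because it reaches MySQL as a bare token rather than a quoted string literal, that escaping only helps once the value is also quoted, and (going beyond the answer) the same insert as a prepared statement. The connection details, the `videos` table and its column names are assumptions made for the example.

```php
<?php
// Assumed connection details and schema; adjust to your environment.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4'); // real_escape_string() depends on the connection charset

$db->query('CREATE TEMPORARY TABLE videos (
    active TINYINT      NOT NULL,
    id     INT          NOT NULL,
    added  INT          NOT NULL,
    url    VARCHAR(256) NOT NULL,
    note   VARCHAR(64)  NOT NULL
)');

$active = 1;
$id     = 42;
$time   = time();
$url    = 'http://www.youtube.com/watch?v=sAYc3gGjYW8';

// 1. The pattern from the question: $url is pasted in without quotes, so
//    MySQL reads "http" as an identifier and stops at "://".
$broken = 'INSERT INTO videos VALUES( '.$active.' , '.$id.' , '.$time.' , '.$url.' ,"some string" )';
try {
    $db->query($broken);
} catch (mysqli_sql_exception $e) {
    echo "Unquoted value: ", $e->getMessage(), "\n";
}

// 2. Escape the string AND wrap it in quotes; format numbers with %d.
//    Escaping without the surrounding quotes would fail exactly like (1).
$sql = sprintf(
    "INSERT INTO videos VALUES (%d, %d, %d, '%s', 'some string')",
    $active, $id, $time, $db->real_escape_string($url)
);
$db->query($sql);

// 3. Prepared statement: values travel separately from the SQL text,
//    so no quoting or escaping is needed at all.
$note = 'some string';
$stmt = $db->prepare('INSERT INTO videos (active, id, added, url, note) VALUES (?, ?, ?, ?, ?)');
$stmt->bind_param('iiiss', $active, $id, $time, $url, $note);
$stmt->execute();

// Both successful inserts stored the URL unchanged.
foreach ($db->query('SELECT url FROM videos') as $row) {
    echo $row['url'], "\n";
}
```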