Home/ Questions/Q 6175795
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T23:59:10+00:00

i am trying to insert data to database but it removing braces'{}’ while inserting

  • 0

i am trying to insert data to database but it removing braces'{}’ while inserting i am using this code.

<pre><code>
require_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_DATABASE);
$aa['alt']="happy alt";
$aa['title']="happy title";
$sldata=serialize($aa);
$sql="Insert into test(pval) values('".$sldata."')";
echo $sql;
db_query($sql);    
</pre></code>

my db structure is as 

<pre><code>
CREATE TABLE IF NOT EXISTS `test` (
  `sl` int(11) NOT NULL AUTO_INCREMENT,
  `pval` text NOT NULL,
  PRIMARY KEY (`sl`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1
</pre></code>

suggest me what is wrong here..

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Drupal uses {} arround the tables names, to be able to do some manipulations on those names — like prefix them, if you have configured it to do so.

    So, you must not use {} in your query — except arround tables names, of course.

    Instead of brutaly injecting your serialized-string into the SQL query, you must use place-holders in it — and pass the corresponding values to db_query(), which will take care of escaping what has to be :

    $sldata = serialize($aa);
$sql = "insert into {test} (pval) values('%s')";
db_query($sql, $sldata);

    Here :

    • As the pval field is a string in database, I used a %s place-holder
    • And the first value passed to db_query() (after the SQL query itself, of course) will be injected by drupal, to replace that first (and only, here) placeholder.

    And, for more informations, you might want to take a look at Database abstraction layer.

    • 0