Home/ Questions/Q 9221035
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T03:29:15+00:00

Possible Duplicate: How do I handle single quotes inside a SQL query in PHP?

  • 0

Possible Duplicate:
How do I handle single quotes inside a SQL query in PHP?

Greeting ,
I have a small script which is used for applications and it saves questions answer into the database. The script is given below:

while(list($QKey,$QVal) = each($AppQuestions)) {
    $result2= mysql_query("
         INSERT INTO forum_app_answers (AID, AppID, Question, Answer)".
         " VALUES (NULL, '$AppID', '$Questions[$QKey]', '$QVal')"
     ) or die(mysql_error());

Now the problem is that if someone write ‘ character in the answer , the data doesnt get saved. For simple writing its okay . The problem is only if the answer contains ‘ in it. any help will be highly appreciated tx

The following error occures:
You Have An Error In Your SQL Syntax; Check The Manual That Corresponds To Your MySQL Server Version For The Right Syntax To Use Near ‘s GF. Channel Services’)’ At Line 1

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You may try:

    while(list($QKey,$QVal) = each($AppQuestions)) {
    $result2= mysql_query("
       INSERT INTO forum_app_answers
           (AID, AppID, Question, Answer)". " 
       VALUES (
           NULL,
           '$AppID',
           '$Questions[$QKey]',
            '". mysql_real_escape_string($QVal). "')
      ") or die(mysql_error());

    Without mysql_real_escape_string() your script also has huge security issues.

    • 0