Possible Duplicate:
How to properly escape a string via PHP and mysql
I’m trying to populate a MySQL database, and to do so I’m parsing a data file and running a INSERT INTO ... query.
the table parsonspredictions_R is structured as:
+-------------+---------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------------+---------+------+-----+---------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| drug_a | blob | NO | | NULL | |
| drug_b | blob | NO | | NULL | |
| correlation | float | NO | | NULL | |
| p_value | float | NO | | NULL | |
+-------------+---------+------+-----+---------+----------------+
However, there are some drug_x values which have ' along, so how could I escape my string in other to ignore or remove those ' from the string?
Example:
INSERT INTO parsonspredictions_R (
drug_a,
drug_b,
correlation,
p_value
) VALUES(
'2'-Hydroxyflavanone_28_0',
'Emodin',
0.165714,
0.0019
);
Results in:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”, ‘Emodin’, 0.165714, 0.0019 )’ at line 1-b
You can escape ‘-character by typing
Or you can put your string in MySQL query in “”-quotes.
edited:
To make your file ready for regex you can use
mysql_real_escape_string()on text before using regex. It will escape all suspicious characters, like ‘-character.