insert text to sqlite where text have "

Question

I want to read query string from URL and save them into a sqlite database I face with these Error message:

PHP Warning:  SQLite3::exec(): near ",&qu         


        

Answer 1

As mentioned by @HassanAhmed, this is what happens when inputs are not properly handled; you're seeing the same issue as if someone was using SQL injection against you. The quick fix is to wrap the fields in quotation marks:

VALUES ("Ehsan", "$Tel", date('now'), "$Content");

What you should be doing is binding the parameters:

$sql =<<prepare($sql);
$stmt->bindValue(':tel', $_REQUEST['from']);
$stmt->bindValue(':content', $_REQUEST['text']);

$ret = $stmt->execute();