When an insert query contains a quote (e.g. Kellog\'s), it fails to insert a record.
ERROR MSG:
You have an error in your SQL s
Replace mysql with mysqli. Use this:
mysqli_real_escape_string($connection,$_POST['Description'])
You can also use the addslashes() function, which automatically puts \ before ' to avoid the error.
In standard SQL, you use two single quotes to indicate one single quote, hence:
INSERT INTO SingleColumn(SingleChar) VALUES('''');
The first quote opens the string; the second and third are a single quote; and the fourth terminates the string. In MySQL, you may also be able to use a backslash instead:
INSERT INTO SingleColumn(SingleChar) VALUES('\'');
So, in your example, one or both of these should work:
INSERT INTO UnidentifiedTable
VALUES('Kellog''s', 'Corn Flakes 170g', '$ 15.90', '$ 15.90', '$ 14.10', '--');
INSERT INTO UnidentifiedTable
VALUES('Kellog\'s', 'Corn Flakes 170g', '$ 15.90', '$ 15.90', '$ 14.10', '--');
In PHP, there is a function to sanitize user data (mysql_real_escape_string) before you embed it into an SQL statement -- or you should use placeholders. Note that if you do not sanitize your data, you expose yourself to SQL Injection attacks.
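The placeholder approach mentioned in the answer above, shown as an added example that is not part of the original answers. It assumes PDO with an in-memory SQLite database standing in for MySQL so that it runs offline; the products table, its columns and the sample values are constructed for illustration.

```php
<?php
// Added example. SQLite in-memory (via PDO) stands in for MySQL so this runs offline.
// The table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (brand TEXT, description TEXT)');

// Constructed sample inputs: one apostrophe, and a value full of quote and comment characters.
$rows = [
    ["Kellog's", 'Corn Flakes 170g'],
    ["it's '--' ; still data", 'constructed value with SQL punctuation'],
];

// 1. String concatenation: the apostrophe closes the literal early, so the statement
//    no longer parses and the insert fails (the error reported in the question).
try {
    $pdo->exec("INSERT INTO products VALUES ('" . $rows[0][0] . "', 'Corn Flakes 170g')");
} catch (PDOException $e) {
    echo 'Concatenated query failed: ', $e->getMessage(), "\n";
}

// 2. Placeholders: the SQL text is fixed and the values are bound as data,
//    so no escaping is needed and quotes cannot change the statement.
$stmt = $pdo->prepare('INSERT INTO products (brand, description) VALUES (?, ?)');
foreach ($rows as $row) {
    $stmt->execute($row);
}

// Read the rows back to confirm each value was stored exactly as supplied.
foreach ($pdo->query('SELECT brand, description FROM products') as $r) {
    echo $r['brand'], ' | ', $r['description'], "\n";
}
```

With MySQL the same pattern is available through PDO's mysql driver or through mysqli's prepare() and bind_param().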
Escape it by using a helper function like:
function safeDBname($table_name)
{
    // Remove apostrophes from the value that was passed in, then lowercase it
    $outputText = str_replace("'", "", $table_name);
    return strtolower($outputText);
}
I did it as below.
In my case the description field contains an apostrophe (').
Here is the code:
// Escape the value before embedding it in the query string
$description = mysql_real_escape_string($description);
$query = "insert into posts set name='".$name."', address='".$address."', dat='".$dt."', description='".$description."'";
It solved my problem.
You need to escape the apostrophe (that is, tell SQL that the apostrophe is to be taken literally and not as the beginning or end of a string) using a \.
Add a \ before the apostrophe in Kellogg's, giving you Kellogg\'s.