Tuesday, 24 May 2016

How to escape php mysqli query?

I am passing data from AJAX to my PHP. I just run a for loop to make my query. The problem with my data is that it contains a single quote.



I am using single quotes to enclose my parameters in the query. The query is something like



   INSERT INTO myTable (column1, column2) VALUES('value1', 'value2'),
   ('value'1', 'value2');


I want to escape like




   INSERT INTO myTable (column1, column2) VALUES('value1', 'value2'),
   ('value\'1', 'value2');


I just tried mysqli_real_escape_string. It returns something like



   INSERT INTO myTable (column1, column2) VALUES(\'value1\', \'value2\'),
   (\'value\'1\', \'value2\');



So query execution fails.



I don't think using htmlspecialchars is the right way for this.



Any suggestions?
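
An added example, not part of the original post: mysqli_real_escape_string is meant for individual values, not a whole statement, and a prepared statement avoids escaping altogether by sending the values separately from the SQL text. The connection details, the `insertRows` helper and the `$rows` array (standing in for the AJAX data) are assumptions made for illustration.

```php
<?php
// Added example: multi-row INSERT with mysqli placeholders instead of escaping.
// Assumptions: connection details are placeholders; $rows stands in for the AJAX data.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

/**
 * Insert rows of [column1, column2] with one prepared statement.
 * Returns the number of rows inserted.
 */
function insertRows(mysqli $db, array $rows): int
{
    if ($rows === []) {
        return 0; // nothing to insert; "VALUES" with no groups is invalid SQL
    }
    // One "(?, ?)" group per row; the values never become part of the SQL text.
    $groups = implode(', ', array_fill(0, count($rows), '(?, ?)'));
    $sql = "INSERT INTO myTable (column1, column2) VALUES $groups";

    $params = [];
    foreach ($rows as $row) {
        if (!is_array($row) || count($row) !== 2) {
            throw new InvalidArgumentException('each row needs exactly two values');
        }
        [$first, $second] = array_values($row);
        $params[] = (string) $first;
        $params[] = (string) $second;
    }

    $stmt = $db->prepare($sql);
    // Bind every value as a string ("s"); quotes in the data need no special handling.
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $stmt->execute();
    $inserted = $stmt->affected_rows;
    $stmt->close();
    return $inserted;
}

// Constructed sample data, including the single quote that broke the concatenated query.
$rows = [
    ['value1', 'value2'],
    ["value'1", 'value2'],
];

$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
$db->set_charset('utf8mb4');
echo insertRows($db, $rows), " rows inserted\n";
```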
