php - Insert ' character in sql -


this question has answer here:

i'm taking data external xml file, cannot make changes. need special characters.

this xml

<item> <name>lucy</name> <embed><iframe src='http://website.com style='something:somehow'></iframe></embed> </item> 

this sql table

$sql = "create table if not exists `models`(     `model_id` int not null auto_increment primary key,     `model_username` varchar(250) not null,     `model_embed` text not null )"; 

xml sql

foreach ($items $item) {        $name=$item->name;        $iframe=$item->embed;  $ins = " insert `models` (`model_username`, `model_embed`)          values ('$name', '$iframe') } 

and error

1064 : have error in sql syntax; check manual corresponds mysql server version right syntax use near 'http://website.com style='something:somehow' @ line 9

though, @fred-ii- takes cake spotting incorrect closure reason

it appears have number of problems within code.

the first, not closing variables off correctly:

$ins = " insert `models` (`model_username`, `model_embed`)          values ('$name', '$iframe') 

a solution be:

$ins = "insert `models` (`model_username`, `model_embed`)          values ('$name', '$iframe')"; 

notice closing double quote , semi-colon end of variable.

though, question closure relating sql injection valid, error message states:

'http://website.com style='something:somehow'

as inputting data directly query, encountering formatting errors pre-maturley closing sql syntax firing unexpected errors on end. solution swap prepared statements can utilized in mysqli (mysql improved library) or pdo.


Comments

Popular posts from this blog

Error while updating a record in APEX screen -

javascript - Jquery show_hide, what to add in order to make the page scroll to the bottom of the hidden field once button is clicked -

ios - Xcode 5 "No such file or directory" -