views:

91

answers:

1

I'm using mysql_real_escape_string to escape my content but I am receiving an error in a SQL INSERTION QUERY for having a single-quote unescaped. How can I resolve this?

$content = mysql_real_escape_string("'content'",$conn);

The error message I am receiving is:

You have an error in your sql syntax near 'content

My SQL Query ENDS UP BEING of the following:

$sql = "INSERT into `table` (`column`) VALUES ("'content'")

INSTEAD OF

$sql = "INSERT into `table` (`column`) VALUES ("\'content\'")

I also tried using single quotes for my delimiter and ended up failing on a double quote not being escaped.

+2  A: 

Like people said in your previous that you delete (why did you delete it, btw ? ), you need to give us more informations, like a full example that shows each steps of the construction of your query ; and, also you should give use the SQL query by itself, and the error message you get...

Still, if you allow me quoting your previous question, you said your SQL query was the following :

insert into `exp_weblog_data` (`entry_id`,`site_id`,`weblog_id`,`field_id_117`,`field_ft_117`,`field_id_27`,`field_ft_27`,`field_id_26`,`field_ft_26`,`field_id_28`,`field_ft_28`,`field_id_129`,`field_ft_129`,`field_id_33`,`field_ft_33`) 
values ("","1","112","Patch 1.10","none","","none","- Fixed a bug with certain Creative Lab DVD drives and copy protection.("Unable to connect to Battle.net").","none","","none","ftp://totukati.gamezone.com/lodpatch_110.exe","none","[16020] Diablo II: Lord of Destruction","none")

If it is still that same query, strings in SQL must not be delimited by double quotes ("), but by simple quotes (').

Which means your query should look a bit more like this :

insert into `exp_weblog_data` (`entry_id`,`site_id`,`weblog_id`,`field_id_117`,`field_ft_117`,`field_id_27`,`field_ft_27`,`field_id_26`,`field_ft_26`,`field_id_28`,`field_ft_28`,`field_id_129`,`field_ft_129`,`field_id_33`,`field_ft_33`) 
values ('','1','112','Patch 1.10','none','','none','- Fixed a bug with certain Creative Lab DVD drives and copy protection.("Unable to connect to Battle.net").','none','','none','ftp://totukati.gamezone.com/lodpatch_110.exe','none','[16020] Diablo II: Lord of Destruction','none')

Hope this helps...


(If it's not the same question as the other post, sorry in advance)

Pascal MARTIN
i should have just editted the other one again.
Jonathan Kushner
@Jonathan : that (editing your other question) might have been a solution ;-)
Pascal MARTIN
@Pascal now I know not to redraft the same question :)
Jonathan Kushner