This example illustrates different ways to define single and double quotes in the php application with sql query.
In php page, if user enters data containing single quote then it may cause error while manipulating the data with the database.
For example, In any page, if user enters the value like:
User Name: suman
Then the query to insert the information will be as follows, which is absolutely correct according to the Sql syntax.
|INSERT INTO users (username, email) VALUES ('suman', 'email@example.com');|
But if user enters the values like:
User Name: sum'an
Then the query to insert the information will be as follows, which is not correct according to the Sql syntax. So it shows fatal error in the page.
|INSERT INTO users (username, email) VALUES ('sum'an', 'firstname.lastname@example.org');|
If you want the user may enter the values like above then you have to handle the situation by adding back slash before each single quote i.e. ' should be replaced by \'. You can do so by passing the value to the addslashes() method in php.
Table: users before insertion
Source Code of sql_quotes.php
If you enjoyed this post then why not add us on Google+? Add us to your Circles
Liked it! Share this Tutorial
Discuss: PHP SQL Quotes and Quoting
Post your Comment