Latest Tutorials| Questions and Answers|Ask Questions?|Site Map



Home Sql Mysql-example PHP SQL Quotes and Quoting

Related Tutorials


 
 

Share on Google+Share on Google+

PHP SQL Quotes and Quoting

Advertisement
This example illustrates different ways to define single and double quotes in the php application with sql query.

PHP SQL Quotes and Quoting

     

This example illustrates different ways to define single and double quotes in the php application with sql query.

In php page, if user enters data containing single quote then it may cause error while manipulating the data with the database.

For example, In any page, if user enters the value like:

User Name: suman 
Email: suman@email.com

Then the query to insert the information will be as follows, which is absolutely correct according to the Sql syntax.

 

 

 

INSERT INTO users (username, email) VALUES ('suman', 'suman@email.com');

But if user enters the values like:

User Name: sum'an 
Password: suman@email.com

Then the query to insert the information will be as follows, which is not correct according to the Sql syntax. So it shows fatal error in the page.

INSERT INTO users (username, email) VALUES ('sum'an', 'suman@email.com');

If you want the user may enter the values like above then you have to handle the situation by adding back slash before each single quote i.e. ' should be replaced by \'. You can do so by passing the value to the addslashes() method in php.

Table: users before insertion

Source Code of sql_quotes.php 

<?php
  $con = mysql_connect("localhost","root","root");
  if (!$con) {
  die('Could not connect: ' . mysql_error());
  }

  mysql_select_db("test", $con);

  $user = "sum'an";
  $email  = "suman@email.com";
  
  $newuser = addslashes($user);

  $query = "INSERT INTO users (username, email) VALUES 
  ('$newuser', '$email')" or die(mysql_error();
  mysql_query($query);

  $result = mysql_query("SELECT * FROM users ORDER BY username desc");
  echo "<table border='1'>
  <tr>
  <th>Name</th>
  <th>Email</th>
  </tr>";
  while ($row = mysql_fetch_array($result)) {
  echo "<tr>";
  echo "<td>" . $row['username'] . "</td>";
  echo "<td>" . $row['email'] . "</td>";
  echo "</tr>";
  }
  echo "</table>";
  
  mysql_close($con);
?>

Download Source Code

Output:

 

Advertisements

If you enjoyed this post then why not add us on Google+? Add us to your Circles



Liked it!  Share this Tutorial


Follow us on Twitter, or add us on Facebook or Google Plus to keep you updated with the recent trends of Java and other open source platforms.

Posted on: January 20, 2009

Related Tutorials

Discuss: PHP SQL Quotes and Quoting  

Post your Comment


Your Name (*) :
Your Email :
Subject (*):
Your Comment (*):
  Reload Image
 
 
Comments:0
DMCA.com