0

Im trying to put some information in my data base, I get the information from a text file, but i have the next problem, there is some words which i want to insert that have a simple apostrophe (') so how you know when u make an insert for string you need a couple of '' for each string, so when some word with a simple apostrophe comes in I got an error of syntax. For example:

Where $player = N'Zogbia

$resultado = mysql_query( "INSERT INTO equipo VALUES( '$nom_equipo', '$player' );" , $link );

How could I insert that kind of name without modify that simple apostrophe?

Michael Berkowski
  • 260,803
  • 45
  • 432
  • 377
user1938613
  • 5
  • 4
  • 1
    More importantly though, review [this question and its answers](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) – Michael Berkowski Feb 10 '13 at 20:34

1 Answers1

0

I would use function like addslashes or real_escape_string: http://php.net/manual/en/function.addslashes.php http://www.php.net/manual/en/mysqli.real-escape-string.php

Fuv
  • 922
  • 2
  • 12
  • 24