0

I'm using mysql_real_escape_string to escape my content but I am receiving an error in a SQL INSERTION QUERY for having a single-quote unescaped. How can I resolve this?

$content = mysql_real_escape_string("'content'",$conn);

The error message I am receiving is:

You have an error in your sql syntax near 'content

My SQL Query ENDS UP BEING the following:

$sql = "INSERT into `table` (`column`) VALUES ("'content'")

INSTEAD OF

$sql = "INSERT into `table` (`column`) VALUES ("\'content\'")

I also tried using single quotes for my delimiter and ended up failing on a double quote not being escaped.

4
  • 1
    You asked this question 5 minutes ago. We asked you to provide some code snippet. Please. Commented Dec 10, 2009 at 19:48
  • Please quote your error messages in full. Commented Dec 10, 2009 at 19:49
  • An example string would be really helpful - what you're describing shouldn't be possible. Commented Dec 10, 2009 at 19:49
  • @Anodyne : except if the error is in another part of the SQL query ;-) Like the rest of the insert... Which is why people keep asking @Jonathan to provide a longer code portion Commented Dec 10, 2009 at 19:54

1 Answer

2

Like people said in your previous question that you deleted, you need to give us more information, like a full example that shows each step of the construction of your query; and also, you should give us the SQL query by itself, and the error message you get...

Still, if you allow me to quote your previous question, you said your SQL query was the following:

insert into `exp_weblog_data` (`entry_id`,`site_id`,`weblog_id`,`field_id_117`,`field_ft_117`,`field_id_27`,`field_ft_27`,`field_id_26`,`field_ft_26`,`field_id_28`,`field_ft_28`,`field_id_129`,`field_ft_129`,`field_id_33`,`field_ft_33`) 
values ("","1","112","Patch 1.10","none","","none","- Fixed a bug with certain Creative Lab DVD drives and copy protection.("Unable to connect to Battle.net").","none","","none","ftp://totukati.gamezone.com/lodpatch_110.exe","none","[16020] Diablo II: Lord of Destruction","none")

If it is still that same query, strings in SQL must not be delimited by double quotes ("), but by single quotes (').

Which means your query should look a bit more like this :

insert into `exp_weblog_data` (`entry_id`,`site_id`,`weblog_id`,`field_id_117`,`field_ft_117`,`field_id_27`,`field_ft_27`,`field_id_26`,`field_ft_26`,`field_id_28`,`field_ft_28`,`field_id_129`,`field_ft_129`,`field_id_33`,`field_ft_33`) 
values ('','1','112','Patch 1.10','none','','none','- Fixed a bug with certain Creative Lab DVD drives and copy protection.("Unable to connect to Battle.net").','none','','none','ftp://totukati.gamezone.com/lodpatch_110.exe','none','[16020] Diablo II: Lord of Destruction','none')

2 Comments

@Jonathan : that (editing your other question) might have been a solution ;-)
@Pascal now I know not to redraft the same question :)
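
Added example, not part of the original answer or comments: it goes beyond the quoting fix above by binding the values as parameters, so neither a single nor a double quote in the data can end a string literal. It assumes PHP 7.1+ with PDO and the pdo_sqlite driver (used only so the script runs offline) and a hypothetical two-column table named weblog_data; the sample values are constructed.

```php
<?php
// Added example: table and column names are shortened, hypothetical stand-ins.
// Assumption: PDO with the pdo_sqlite driver, so the script runs offline.
// Against MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE weblog_data (title TEXT, body TEXT)');

// Constructed sample values containing both kinds of quote character.
$rows = [
    ['Patch 1.10', 'Fixed a bug with copy protection.("Unable to connect to Battle.net").'],
    ["'content'", 'single-quoted title'],
    ['mixed', "it's a \"mixed\" value"],
];

// 1. What the question ran into: the value is pasted between double quotes,
//    so the first embedded " ends the literal and the rest is parsed as SQL.
function build_concatenated(string $title, string $body): string
{
    return 'INSERT INTO weblog_data (title, body) VALUES ("' . $title . '","' . $body . '")';
}
echo build_concatenated($rows[0][0], $rows[0][1]), "\n\n";

// 2. Bound parameters: the statement text is fixed and the values travel
//    separately, so no quote character in the data can end a literal.
$insert = $pdo->prepare('INSERT INTO weblog_data (title, body) VALUES (:title, :body)');
foreach ($rows as [$title, $body]) {
    $insert->execute([':title' => $title, ':body' => $body]);
}

// 3. Read the rows back and compare each one with the value that was sent.
$stored = $pdo->query('SELECT title, body FROM weblog_data ORDER BY rowid')->fetchAll(PDO::FETCH_NUM);
foreach ($rows as $i => $expected) {
    printf("%-12s %s\n", $stored[$i] === $expected ? 'round-trip' : 'MISMATCH', $stored[$i][1]);
}
```

The first line printed is the broken statement text, shown for inspection only and never executed; the remaining lines report whether each bound value came back unchanged.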
