My server is running PHP 5.2.17 and I have disabled the magic quotes with the php.ini file. I have an array of strings, some of which are similar to
abcd "efg" hij'k lmnop'q
I run them away to insert into mysql database using the following code
foreach($array as &$data) { mysql_real_escape_string($data); }
Then I create my sql so
$sql='INSERT INTO table VALUES('. '"'.$array[0].'", '. '"'.$array[1].'", '. '"'.$array[2].'")';
I get an error when trying to fulfill my request. I output the $ sql variable when I get an error, and it seems that mysql_real_escape_string is avoiding single quotes or double quotes.
If my $ sql variable is created using single quotes with column values ββin double quotes, as described above, then single quotes are escaped, but double quotes are not.
If I switch the quotes so that the $ sql variable is created using double quotes and the column values ββare in single quotes, only double quotes are escaped.
Can anyone understand what could be wrong?
** UPDATE
I understood the match. I changed my code to the following and it works:
foreach($row as &$data) { $data = mysql_real_escape_string($data); }
source share