ID: 42569
Comment by: bas at tobin dot nl
Reported By: prikid at gmail dot com
Status: Open
Bug Type: JSON related
Operating System: FreeBSD 6
PHP Version: 5.2.4
New Comment:
that's correct... JSON is just a way to serialize data to a string.
It's not the purpose of JSON to serialize data to be directly included
in a statement for a specific database.
The way MySQL escapes strings is not a "universal" method as for
instance MS SQL does it another way.
If you wish to use JSON to store data in MySQL you should escape the
JSON string with the specific MySQL function to escape strings, see the
mysql_escape_string() and mysql_real_escape_string() functions.
Previous Comments:
------------------------------------------------------------------------
[2007-09-05 18:22:12] prikid at gmail dot com
Description:
------------
When using json_encode() and trying to insert into a MySQL table field
with single quotes, the single quote is not escaped and MySQL produces
an error.
Reproduce code:
---------------
$name = "Mike O'Brien";
$email = "[EMAIL PROTECTED]";
$settings = array("name"=> $name,"email" => $email);
$json = json_encode($settings);
$sql = "INSERT INTO `users` VALUES('".$json."')";
$result = mysql_query($sql) or die (mysql_error());
Expected result:
----------------
Successful MySQL insertion with escaped single quote.
Actual result:
--------------
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near 'Brien
------------------------------------------------------------------------
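The point made in the comment above (JSON encoding is not SQL escaping), shown with a bound parameter in place of manual escaping. This is an added example, not code from the report or from PHP itself: PDO with an in-memory SQLite database stands in for the MySQL server so it runs offline, and the table layout and sample values are constructed.

```php
<?php
// Assumption: SQLite in memory replaces the MySQL server from the report.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (settings TEXT)');

// Constructed sample input covering characters JSON escapes and ones it does not.
$samples = array(
    array('name' => "Mike O'Brien", 'email' => 'mike@example.com'),
    array('name' => 'Ann "Al" O\'Neil', 'email' => 'ann@example.com'),
    array('name' => 'C:\\temp', 'email' => 'tmp@example.com'),
);

// The statement text is fixed. The JSON travels as a bound value, so the
// database never parses it as part of the SQL.
$insert = $pdo->prepare('INSERT INTO users (settings) VALUES (:settings)');

foreach ($samples as $settings) {
    $json = json_encode($settings);

    // json_encode() escapes " and \ because JSON requires it, but leaves '
    // untouched: an apostrophe is an ordinary character in a JSON string.
    $hasRawQuote = strpos($json, "'") !== false;

    // What the report's concatenation would have produced (built only for
    // display, never executed): a raw ' ends the SQL literal early.
    $concatenated = "INSERT INTO users VALUES('" . $json . "')";

    echo $json, "\n";
    echo '  raw apostrophe in JSON: ', $hasRawQuote ? 'yes' : 'no', "\n";
    echo '  concatenated statement: ', $concatenated, "\n";

    $insert->execute(array(':settings' => $json));
}

// Every row must decode back to exactly the array that went in.
$i = 0;
foreach ($pdo->query('SELECT settings FROM users ORDER BY rowid') as $row) {
    $decoded = json_decode($row['settings'], true);
    if ($decoded !== $samples[$i]) {
        throw new RuntimeException("round trip failed for row $i");
    }
    $i++;
}
echo "stored and decoded $i rows unchanged\n";
```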