Passing single quote within a query

2004-12-09 Thread Nestor Florez
Hello world, I am passing a string Joe's car as part of the SQL query to be inserted to a String field. $field=Joe's car; $query=insert into mytable values('$field'); Do you generally change the quote to a double quote before inserting or what is the recommended way, because otherwise the

Re: Passing single quote within a query

2004-12-09 Thread Steve Davies
backslash escape the quote: $field=Joe\'s car; or if you're using PHP you can turn this on automatically HTH Steve Nestor Florez wrote: Hello world, I am passing a string Joe's car as part of the SQL query to be inserted to a String field. $field=Joe's car; $query=insert into mytable

Re: Passing single quote within a query

2004-12-09 Thread Robert J Taylor
Nestor, You would do better to use prepared statements. When a parameter is substituted into the prepared statement it is automatically quoted -- and you are protected from SQL Injection attacks. The reason your script is failing is that the single quote in $field is being interpreted as the
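
The failure and the two fixes discussed in this thread, as an added example that is not code from any of the posters. Python's built-in sqlite3 module stands in for the unnamed scripting language and database; the column name `descr` and all function names are assumptions. It also shows that backslash escaping depends on the SQL dialect, while a bound parameter does not.

```python
import sqlite3


def make_db():
    # In-memory database; "mytable" is from the thread, the column name is assumed.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (descr TEXT)")
    return conn


def insert_interpolated(conn, field):
    """Original approach: the value is pasted into the SQL text."""
    query = "insert into mytable values('%s')" % field
    try:
        conn.execute(query)
        return "ok"
    except sqlite3.Error as exc:
        # The quote inside the value closes the string literal early.
        return "error: %s" % exc


def insert_backslash_escaped(conn, field):
    """Manual backslash escaping: only valid where the dialect honours it."""
    escaped = field.replace("'", "\\'")
    try:
        conn.execute("insert into mytable values('%s')" % escaped)
        return "ok"
    except sqlite3.Error as exc:
        # SQLite does not treat backslash as an escape character,
        # so the literal still ends at the quote.
        return "error: %s" % exc


def insert_prepared(conn, field):
    """Prepared statement: the value is bound, never parsed as SQL."""
    conn.execute("insert into mytable values(?)", (field,))
    return "ok"


def stored(conn):
    return [r[0] for r in conn.execute("SELECT descr FROM mytable ORDER BY rowid")]


if __name__ == "__main__":
    db = make_db()
    # Constructed sample values: the thread's string plus one with a backslash.
    for value in ("Joe's car", "C:\\temp's dir"):
        print(repr(value), "interpolated ->", insert_interpolated(db, value))
        print(repr(value), "backslash    ->", insert_backslash_escaped(db, value))
        print(repr(value), "prepared     ->", insert_prepared(db, value))
    print(stored(db))
```
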