There is a loop that writes the values of variables to the database. Sometimes the content of a variable contains a quotation mark, and an error naturally occurs. How can this problem be solved? Example:

    $id = 1;
    $person_lastname = "D'Arcy";
    $result2 = "INSERT INTO shows (id,lastname) VALUES ('$id','$person_lastname')";
    mysql_query($result2) or die(mysql_error());

    2 answers

    Should work) but I did not check it:

     // prefix every single or double quote with a backslash
     $data = preg_replace('/(["\'])/', '\\\\$1', $data);

    Or, if done properly:

      $data=mysql_real_escape_string($data); 

    where $data is the data received from the user (which may contain a quotation mark).

    • Yeah, right about mysql_real_escape_string($data)! - thunder
    • I had only just re-read your question about regular expressions, and did not immediately recall the escape function) - Vladimir Klykov
    • There is a mistake somewhere; even the highlighting here shows it) - parks
    • Exactly, I am correcting it)) Upd: now it's right. P.S.: I advise you to use the second option) it saves you from a heap of glitches... - Vladimir Klykov

    mysql_real_escape_string() - on the same page you will see a message stating that this extension is no longer worth using.

    Alternatives: #1 Improved MySQL Module, #2 MySQL Functions (PDO_MYSQL).

    This may be useful: prepared statements and stored procedures.
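
The prepared-statement approach the second answer points to, applied to the question's `shows` table, as an added example that is not part of the original answers. It assumes the PDO SQLite driver is available and uses an in-memory SQLite database in place of MySQL so that it runs offline; the sample names are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption) so the
// script is self-contained; for MySQL only the DSN and credentials change.
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server itself prepares the statement.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly

$pdo->exec('CREATE TABLE shows (id INTEGER PRIMARY KEY, lastname TEXT NOT NULL)');

// Constructed sample data: values that break string-built SQL.
$people = [
    1 => "D'Arcy",
    2 => 'O"Neil',
    3 => 'back\\slash',
];

// Prepare once, outside the loop. The SQL text never contains user data;
// the values travel separately as bound parameters, so no escaping is needed.
$insert = $pdo->prepare('INSERT INTO shows (id, lastname) VALUES (:id, :lastname)');

$pdo->beginTransaction();
try {
    foreach ($people as $id => $lastname) {
        $insert->bindValue(':id', $id, PDO::PARAM_INT);
        $insert->bindValue(':lastname', $lastname, PDO::PARAM_STR);
        $insert->execute();
    }
    $pdo->commit();
} catch (PDOException $e) {
    $pdo->rollBack(); // leave no half-written batch behind
    throw $e;
}

// Read the rows back and confirm each value was stored byte for byte.
$select = $pdo->prepare('SELECT lastname FROM shows WHERE id = :id');
foreach ($people as $id => $lastname) {
    $select->execute([':id' => $id]);
    $stored = $select->fetchColumn();
    printf("%d: %s %s\n", $id, $stored, $stored === $lastname ? '(unchanged)' : '(ALTERED)');
}
```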