I am trying to insert the data from an array into the database. But for some reason, the query ignores lines where there is a ' symbol. Lines with this character are simply ignored. Here is the code I'm trying to add:

    $item_list = file_get_contents(ROOT."/models/file.json");
    $inv = json_decode($item_list, true);
    $api = "xxxxxxxxxx";
    $CONNECT = mysqli_connect(HOST, USER, PASS, DB) or die("CONNECTION ERROR !");

    foreach ($inv['items_game']['items'] as $key => $value) {
        if ($value['prefab'] == "wearable") {
            // File name: everything after the last '/' in image_inventory
            $string = $value['image_inventory'];
            $link = substr($string, strrpos($string, '/') + 1, strlen($string));
            $item_link = file_get_contents("https://link.com");
            $item_info = json_decode($item_link, true);
            // Values are concatenated straight into the SQL text
            mysqli_query($CONNECT, "INSERT INTO `itemlist_steam` VALUES ( '', $key, '".$value['name']."', '".$item_info['result']['path']."')");
        }
    }

How can I make this query not ignore a value of ['name'] in which there is a '?

  • Never substitute data into the query text. Use bound values: php.net/manual/ru/mysqli-stmt.bind-param.php - Mike
  • Think about what will happen if someone like me tries to write the string ', ''); DROP TABLE itemlist_steam; -- - andreymal
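
The value binding that Mike's comment points to, applied to the insert from the question, as an added example that is not part of the original thread. It assumes HOST, USER, PASS and DB are defined as in the question and that the first column of `itemlist_steam` is an AUTO_INCREMENT id; `insert_items()`, the `path` field and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the asker's code. Assumptions: HOST/USER/PASS/DB are
// defined as in the question; the first column of itemlist_steam is an
// AUTO_INCREMENT id (hence NULL); $items is constructed sample data.

// Throw exceptions on SQL errors instead of silently returning false,
// so a failed INSERT cannot pass unnoticed as an "ignored" row.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insert_items(mysqli $db, array $items): int
{
    // Placeholders keep data out of the SQL text, so a quote in a name
    // can neither break the statement nor change its meaning.
    $stmt = $db->prepare('INSERT INTO `itemlist_steam` VALUES (NULL, ?, ?, ?)');
    $key = 0; $name = ''; $path = '';
    $stmt->bind_param('iss', $key, $name, $path); // bound by reference
    $inserted = 0;
    foreach ($items as $k => $item) {
        if (($item['prefab'] ?? '') !== 'wearable') {
            continue; // same filter as the question's loop
        }
        $key = (int)$k; $name = $item['name']; $path = $item['path'];
        $stmt->execute();
        $inserted += $stmt->affected_rows;
    }
    $stmt->close();
    return $inserted;
}

// Constructed sample rows: a plain name, a name with an apostrophe, and
// the string from the comment above, which is stored as ordinary text.
$items = [
    101 => ['prefab' => 'wearable', 'name' => 'Plain Hat', 'path' => 'a.png'],
    102 => ['prefab' => 'wearable', 'name' => "Tiny's Hat", 'path' => 'b.png'],
    103 => ['prefab' => 'wearable', 'name' => "', ''); DROP TABLE itemlist_steam; -- ", 'path' => 'c.png'],
    104 => ['prefab' => 'bundle', 'name' => 'skipped', 'path' => 'd.png'],
];

$db = new mysqli(HOST, USER, PASS, DB);
$db->set_charset('utf8mb4');
echo insert_items($db, $items), " rows inserted\n";
```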
