Menu
Can anyone tell me how to insert special characters into a MySQL database? I've made a PHP script which is meant to insert some words into a database, although if the word contains a ' then it wont be inserted.
I can insert the special characters fine when using PHPmyAdmin, but it just doesn't work when inserting them via PHP. Could it be that PHP is changing the special characters into something else? If so, is there a way to make them insert properly?
320
Use braces to escape a string of characters or symbols. Everything within a set of braces in considered part of the escape sequence. When you use braces to escape a single character, the escaped character becomes a separate token in the query. Use the backslash character to escape a single character or symbol.
So what is varchar in SQL? As the name suggests, varchar means character data that is varying. Also known as Variable Character, it is an indeterminate length string data type. It can hold numbers, letters and special characters.
Use NVARCHAR instead of VARCHAR. SQL Server provides both datatypes to store character information. For the most part the two datatypes are identical in how you would work with them within SQL Server or from an application.
A special character is one that is not considered a number or letter. Symbols, accent marks, and punctuation marks are considered special characters. Similarly, ASCII control characters and formatting characters like paragraph marks are also special characters.
$insert_data = mysql_real_escape_string($input_data);
Assuming that you have the data stored as $input_data
172
Are you escaping? Try the mysql_real_escape_string() function and it will handle the special characters.
38
You are most likely escaping the SQL string, similar to:
SELECT * FROM `table` WHERE `column` = 'Here's a syntax error!'
You need to escape quotes, like follows:
SELECT * FROM `table` WHERE `column` = 'Here\'s a syntax error!'
mysql_real_escape_string() handles this for you.
45
use mysql_real_escape_string
So what does mysql_real_escape_string do?
This PHP library function prepends backslashes to the following characters: \n, \r, \, \x00, \x1a, ‘ and “. The important part is that the single and double quotes are escaped, because these are the characters most likely to open up vulnerabilities.
Please inform yourself about sql_injection. You can use this link as a start
30
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
