I have a small problem: if I type only a single quote ' in the form, it is not added to the database. Could someone tell me why and how I could solve this?
OBS¹: this happens only with a single quote; if I close it with another quote or put another type of symbol, it sends.
OBS²: no error appears; it performs the send procedure but does not insert into the database.
<?php
require_once("../config.php");
$nome = $_POST['nome'];
$tipo = $_POST['tipo'];
$data = $_POST['data'];
/* Insert into the table */
$query_evento = "INSERT INTO evento (nome, tipo, data) VALUES ('".$nome."', '".$tipo."', '".$data."')";
$inserir_evento = mysql_query($query_evento);
?>
Related: https://answall.com/q/579/57801
– Don't Panic
In case the name has single quotes?
– Don't Panic
Like this: let’s say that in the name I type animal’s, it does not send to the database because it has a ', but if I type Animals it sends. So in that case I have to use mysqli or PDO, right?
– kaiquemix
But this is simple to solve:
$nome = str_replace("'","''",$_POST['nome']);
– Don't Panic
Yes, I understood. I will be testing it and reading the article you sent me, friend. Thank you very much.
– kaiquemix
@kaiquemix what you have to do is use prepared statements or use the function addslashes.
– Roberto de Campos
@Robertodecampos I will be disallowing your reply and I will search on it, thank you.
– kaiquemix
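
The prepared-statement approach mentioned in the comments, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database in place of the MySQL connection from config.php, and the input values are constructed samples standing in for $_POST.

```php
<?php
// Added example, not the asker's code.
// Assumption: PDO + in-memory SQLite replaces the MySQL connection from config.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE evento (nome TEXT, tipo TEXT, data TEXT)');

// Constructed sample input standing in for $_POST: the name is a lone quote.
$post = ['nome' => "'", 'tipo' => 'palestra', 'data' => '2018-05-10'];

// 1) Concatenation, as in the question. The lone quote unbalances the string
//    literals, so the statement is no longer valid SQL and the server rejects it.
$sql = "INSERT INTO evento (nome, tipo, data) VALUES ('" . $post['nome'] . "', '"
     . $post['tipo'] . "', '" . $post['data'] . "')";
try {
    $pdo->exec($sql);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    // mysql_query() only returns false in this situation, which is why the
    // page appeared to submit normally while nothing was stored.
    echo "concatenated: rejected (" . $e->getMessage() . ")\n";
}

// 2) Prepared statement. The SQL text is fixed; the values travel separately
//    and are never parsed as SQL, so quotes need no manual escaping.
$stmt = $pdo->prepare(
    'INSERT INTO evento (nome, tipo, data) VALUES (:nome, :tipo, :data)'
);
$stmt->execute([
    ':nome' => $post['nome'],
    ':tipo' => $post['tipo'],
    ':data' => $post['data'],
]);

// Read the row back and confirm the quote was stored as plain data.
$row = $pdo->query('SELECT nome, tipo, data FROM evento')->fetch(PDO::FETCH_ASSOC);
echo "prepared: stored nome = ";
var_dump($row['nome']);
echo "round-trip matches input: ";
var_dump($row['nome'] === $post['nome']);
```

With a MySQL server, only the DSN passed to `new PDO(...)` changes; the `prepare`/`execute` calls stay the same.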