Insert quote text in mysql database

Asked

Viewed 1,842 times

1

I am using the following code to insert a quoted text into a mysql database:

mysqli_query($con, "insert into medicacaohistorico (data, unidadeori, unidadedes, itemdetalhe, qtd, solicitante, despachante) values ('".date("y-m-d")."', '".$nome = mysqli_real_escape_string($con, $usuario['unidade'])."', '".$unidadeDes."', '".substr($dados[$i], 1)."', '".$dados[$i + 1]."', '".$solicitante."', '".$despachante."')")

I learned to use the mysqli_real_escape_string but the same is not working.

The unsaved string is:

insert into medicacaohistorico (data, unidadeori, unidadedes, itemdetalhe, qtd, solicitante, despachante) values ('18-08-08', '5', '0', '12', '1', 'DAMIAO', 'MEDICO CAIXA D'AGUA')
mysql query mysqli select

1 answer

3


The command should look like this (using single folded quotes):

insert into medicacaohistorico (data, unidadeori, unidadedes, itemdetalhe, qtd, solicitante, despachante) values ('18-08-08', '5', '0', '12', '1', 'DAMIAO', 'MEDICO CAIXA D''AGUA')

or so (used backslash):

insert into medicacaohistorico (data, unidadeori, unidadedes, itemdetalhe, qtd, solicitante, despachante) values ('18-08-08', '5', '0', '12', '1', 'DAMIAO', 'MEDICO CAIXA D\'AGUA')

  • right, but how to do that when I get the string like this $usuario['unidade']?

  • By its query, who has the quote character is the dispatcher and not unit, is last value in values, then basically it would be like this, for example: $despachante = real_escape_string($usuario['despachamte']);

  • Therefore, that’s right, the dispatcher is the unit, so I confuse. grateful there

Browser other questions tagged mysql query mysqli select

You are not signed in. Login or sign up in order to post.