proper way to format text to insert in database using php

Question

I try to insert this information in Mysql database

$mytext = "this is a word in french d'origine francaise";

Then the PHP sql code:

$sql = "INSERT INTO tchapter (content) VALUES ('". $mytext ."')";

It will send me an error because i have a ' apostrophe character in the $mytext, in fact it will mix between the apostrophe '". $mytext ."' that exist in the $sql.

My question is what is the proper way to prepare the text to be entered in a database to prevent any type of error with the special character.

Also i should get back the text from the database as it appear before in the html page.

If you're using MySQLi or PDO and parametrized queries, as you should be, this becomes a non-issue. — Jay Blanchard
– Jay Blanchard, Commented Mar 9, 2015 at 17:12
As @JayBlanchard suggested MySQLi or PDO is a better approach. But mysql_real_escape_string would help you. php.net/manual/en/function.mysql-real-escape-string.php — Martin E.
– Martin E., Commented Mar 9, 2015 at 17:17

user2440647 · Accepted Answer · 2015-03-09 17:14:49Z

1

You can escape your string using the following function, prior to inserting in the database

mysql_real_escape_string()

answered Mar 9, 2015 at 17:14

user2440647

Sign up to request clarification or add additional context in comments.

1 Comment

Jay Blanchard Over a year ago

Please don't recommend deprecated functions.

Collectives™ on Stack Overflow

proper way to format text to insert in database using php

1 Answer 1

1 Comment

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

1 Comment

Your Answer

Sign up or log in

Post as a guest

Related