PHP MySQL query values when use implode() function

Question

I've been using implode function of php and suddenly I encounter a problem regarding it.

<?php 
$insertValues[] = "(default,'{$y}', '{$p}', '{$o}', '{$i}', '{$u}','AMM-40','test')"; 

$query_status = "INSERT INTO `mobile1_mn1`.`logs_inbound` (
                  `log_id`, `originator`, `sender`, `date`, `time`,
                   `message`, `company_id`, `keyword`) 
                 VALUES". implode(',',$insertValues);
?>

When the information on $y,$p,$o,$i and $u does not have any single 'quotations' and commas it can save my information on database but when I have a string say for example the string is "he's good" and "Im, good" having a comma and quote it can't save my information anymore...

This might help clear things up a bit stackoverflow.com/questions/2137960/quotes-in-queries — Kristoffer Sall-Storgaard
– Kristoffer Sall-Storgaard, Commented Feb 8, 2012 at 11:31
What does this question to do with implode? do you have any problem with implode? — Your Common Sense
– Your Common Sense, Commented Feb 8, 2012 at 11:34

Sameera Thilakasiri · Accepted Answer · 2012-02-08 11:30:43Z

3

You have to properly escape the string, use mysql_real_escape_string

The mysql_real_escape_string() function escapes special characters in a string for use in an SQL statement

The following characters are affected:

\x00
\n
\r
\
'
"
\x1a This function returns the escaped string on success, or FALSE on failure.

answered Feb 8, 2012 at 11:30

Sameera Thilakasiri

9,51810 gold badges54 silver badges87 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

xkeshav · Accepted Answer · 2012-02-08 11:31:19Z

1

use mysql_real_escape_string()

answered Feb 8, 2012 at 11:31

xkeshav

54.2k47 gold badges183 silver badges256 bronze badges

Comments

Your Common Sense · Accepted Answer · 2012-03-06 04:51:50Z

1

You have to escape SQL strings. You can use mysql_real_escape_string for this.

edited Mar 6, 2012 at 4:51

Your Common Sense

158k42 gold badges226 silver badges374 bronze badges

answered Feb 8, 2012 at 11:29

Shakti Singh

86.7k21 gold badges142 silver badges156 bronze badges

4 Comments

Your Common Sense Over a year ago

Escaping whatever "inputs" makes absolutely no sense. Escaping belongs to strings only and completely useless for any other "inputs". I hope eventually at least 10k+ folks will learn such a basic concept and refrain from writing misleading answers.

Shakti Singh Over a year ago

@Col.Shrapnel: All inputs are by default strings in php. So here input == string. I though that you would get it

Your Common Sense Over a year ago

I thought it is obvious that the topic in question is mysql strings, not PHP variables. Parts of the query that are enclosed in quotes. An number, when placed in the query without quotes, although being of string type in PHP will gain no benefit from escaping. Go figure. Not to mention silly "user unputs". As though non-user supplied strings require no escaping.

Your Common Sense Over a year ago

see your "escaping user inputs": stackoverflow.com/questions/9577833/…

djot · Accepted Answer · 2012-02-08 11:30:51Z

-1

You have to put data/values that are STRINGS in quotes, so only imploding won't work here.

answered Feb 8, 2012 at 11:30

djot

2,9474 gold badges22 silver badges28 bronze badges

Collectives™ on Stack Overflow

PHP MySQL query values when use implode() function

4 Answers 4

Comments

Comments

4 Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

Comments

Comments

4 Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related