Apostrophe does not work in mysql/PHP


Ask by : tobias November 04, 2012 14:20

Possible Duplicate:
apostrophes are breaking my mysql query in PHP

My Android App is sending a message to my server (PHP script) The PHP script is writing the message into MySQL.

It works fine, but all messages containing an apostrophe ' (e.g. he's going to school) are not written into the database.

Here the php script:

function deq($s)
{
    if($s == null)
        return null;
    return
        get_magic_quotes_gpc() ?
        stripslashes($s) : $s;
}

  if(md5(deq($_REQUEST['blub']).deq($_REQUEST['blub'])."blabla") == $_REQUEST['hash']){
    mysql_connect("localhost", "blub", "blub") or die(mysql_error());
    mysql_select_db("blub") or die(mysql_error());

   // mysql_set_charset('UTF8');  // does not work as too old php
   mysql_query("SET NAMES 'utf8'");
mysql_query("SET CHARACTER SET utf8");
mysql_query("SET COLLATION_CONNECTION = 'utf8_unicode_ci'");

    $mysqldate = gmdate( 'Y-m-d H:i:s');

    $language = (int) $_REQUEST['language'];

    $device = $_REQUEST['device'];

    $ipaddress = $_SERVER['REMOTE_ADDR'];


    mysql_query("INSERT INTO test(username, text, language, rating, checked, date)
    VALUES('".$_REQUEST['username']."', '".$_REQUEST['text']."', '".$language."', '0' , 'false', '".$mysqldate."') ")
    or die(mysql_error());

    mysql_close();
View original question

Answer by : GBDNovember 04, 2012 13:59

All you need to escape ' like below

$_REQUEST['text'] = mysql_real_escape_string($_REQUEST['text']);
View original answer