Database error when inserting values into MySql
I have an error on insert value mysql.
Please see my PHP code
<?php
$ali = $_POST['ali'];
$con = @mysqli_connect('localhost', 'root', '', 'mohammad');
if (!$con) {
echo "Error: " . mysqli_connect_error();
exit();
}
$insertinto_ic_add = "INSERT INTO sq (text) VALUES ('" . $ali . "')";
mysqli_query($con, $insertinto_ic_add) or die("database error:" . mysqli_error($con));
?>
<form action="" method="post">
<input name="ali">
</form>
I input the values " n't " and an error occurs:
database error:You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 't')' at line 2
php mysql mariadb
edited Nov 19 '18 at 4:40
Bhandari
142113
asked Nov 18 '18 at 6:53
mohammad mahdavimohammad mahdavi
32
add a comment |
I have an error on insert value mysql.
Please see my PHP code
<?php
$ali = $_POST['ali'];
$con = @mysqli_connect('localhost', 'root', '', 'mohammad');
if (!$con) {
echo "Error: " . mysqli_connect_error();
exit();
}
$insertinto_ic_add = "INSERT INTO sq (text) VALUES ('" . $ali . "')";
mysqli_query($con, $insertinto_ic_add) or die("database error:" . mysqli_error($con));
?>
<form action="" method="post">
<input name="ali">
</form>
I input the values " n't " and an error occurs:
database error:You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 't')' at line 2
php mysql mariadb
edited Nov 19 '18 at 4:40
Bhandari
142113
asked Nov 18 '18 at 6:53
mohammad mahdavimohammad mahdavi
32
3
Your code is open to SQL injection related attacks. Evenreal_escape_stringcannot secure it completely. Please learn to use Prepared Statements
– Madhur Bhaiya
Nov 18 '18 at 6:54
yes ' this code is exmple
– mohammad mahdavi
Nov 18 '18 at 7:03
Possible duplicate of How can I prevent SQL injection in PHP?
– Progman
Nov 18 '18 at 10:13
my friends, i have problem into mysql NO sql injection, please see my example
– mohammad mahdavi
Nov 18 '18 at 13:20
add a comment |
I have an error on insert value mysql.
Please see my PHP code
<?php
$ali = $_POST['ali'];
$con = @mysqli_connect('localhost', 'root', '', 'mohammad');
if (!$con) {
echo "Error: " . mysqli_connect_error();
exit();
}
$insertinto_ic_add = "INSERT INTO sq (text) VALUES ('" . $ali . "')";
mysqli_query($con, $insertinto_ic_add) or die("database error:" . mysqli_error($con));
?>
<form action="" method="post">
<input name="ali">
</form>
I input the values " n't " and an error occurs:
database error:You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 't')' at line 2
php mysql mariadb
edited Nov 19 '18 at 4:40
Bhandari
142113
asked Nov 18 '18 at 6:53
mohammad mahdavimohammad mahdavi
32
I have an error on insert value mysql.
Please see my PHP code
<?php
$ali = $_POST['ali'];
$con = @mysqli_connect('localhost', 'root', '', 'mohammad');
if (!$con) {
echo "Error: " . mysqli_connect_error();
exit();
}
$insertinto_ic_add = "INSERT INTO sq (text) VALUES ('" . $ali . "')";
mysqli_query($con, $insertinto_ic_add) or die("database error:" . mysqli_error($con));
?>
<form action="" method="post">
<input name="ali">
</form>
I input the values " n't " and an error occurs:
database error:You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 't')' at line 2
php mysql mariadb
php mysql mariadb
edited Nov 19 '18 at 4:40
Bhandari
142113
asked Nov 18 '18 at 6:53
mohammad mahdavimohammad mahdavi
32
edited Nov 19 '18 at 4:40
Bhandari
142113
asked Nov 18 '18 at 6:53
mohammad mahdavimohammad mahdavi
32
edited Nov 19 '18 at 4:40
Bhandari
142113
edited Nov 19 '18 at 4:40
Bhandari
142113
edited Nov 19 '18 at 4:40
Bhandari
142113
142113
asked Nov 18 '18 at 6:53
mohammad mahdavimohammad mahdavi
32
asked Nov 18 '18 at 6:53
mohammad mahdavimohammad mahdavi
32
asked Nov 18 '18 at 6:53
mohammad mahdavimohammad mahdavi
32
32
3
Your code is open to SQL injection related attacks. Evenreal_escape_stringcannot secure it completely. Please learn to use Prepared Statements
– Madhur Bhaiya
Nov 18 '18 at 6:54
yes ' this code is exmple
– mohammad mahdavi
Nov 18 '18 at 7:03
Possible duplicate of How can I prevent SQL injection in PHP?
– Progman
Nov 18 '18 at 10:13
my friends, i have problem into mysql NO sql injection, please see my example
– mohammad mahdavi
Nov 18 '18 at 13:20
add a comment |
3
Your code is open to SQL injection related attacks. Evenreal_escape_stringcannot secure it completely. Please learn to use Prepared Statements
– Madhur Bhaiya
Nov 18 '18 at 6:54
yes ' this code is exmple
– mohammad mahdavi
Nov 18 '18 at 7:03
Possible duplicate of How can I prevent SQL injection in PHP?
– Progman
Nov 18 '18 at 10:13
my friends, i have problem into mysql NO sql injection, please see my example
– mohammad mahdavi
Nov 18 '18 at 13:20
3
3
Your code is open to SQL injection related attacks. Even
real_escape_string cannot secure it completely. Please learn to use Prepared Statements– Madhur Bhaiya
Nov 18 '18 at 6:54
Your code is open to SQL injection related attacks. Even
real_escape_string cannot secure it completely. Please learn to use Prepared Statements– Madhur Bhaiya
Nov 18 '18 at 6:54
yes ' this code is exmple
– mohammad mahdavi
Nov 18 '18 at 7:03
yes ' this code is exmple
– mohammad mahdavi
Nov 18 '18 at 7:03
Possible duplicate of How can I prevent SQL injection in PHP?
– Progman
Nov 18 '18 at 10:13
Possible duplicate of How can I prevent SQL injection in PHP?
– Progman
Nov 18 '18 at 10:13
my friends, i have problem into mysql NO sql injection, please see my example
– mohammad mahdavi
Nov 18 '18 at 13:20
my friends, i have problem into mysql NO sql injection, please see my example
– mohammad mahdavi
Nov 18 '18 at 13:20
add a comment |
1 Answer
1
active
oldest
votes
I agree that this is not showing SQL injection. But the prevention for such is the same as the fix for your problem. You must escape certain characters (in particular the apostrophe) in the text.
Notice that the error message even points to the apostrophe.
If you echoed the statement, you would see
INSERT INTO sq (text)
VALUES ('blah blah don't do this')
Observe the three apostrophes, and think how confused the parser will be.
Better code would be something like
$mali = $con->real_escape_string($ali);
$insertinto_ic_add = "INSERT INTO sq (text)
VALUES ('" . $mali . "')";
answered Nov 19 '18 at 2:34
Rick JamesRick James
67.1k55899
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53358587%2fdatabase-error-when-inserting-values-into-mysql%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I agree that this is not showing SQL injection. But the prevention for such is the same as the fix for your problem. You must escape certain characters (in particular the apostrophe) in the text.
Notice that the error message even points to the apostrophe.
If you echoed the statement, you would see
INSERT INTO sq (text)
VALUES ('blah blah don't do this')
Observe the three apostrophes, and think how confused the parser will be.
Better code would be something like
$mali = $con->real_escape_string($ali);
$insertinto_ic_add = "INSERT INTO sq (text)
VALUES ('" . $mali . "')";
answered Nov 19 '18 at 2:34
Rick JamesRick James
67.1k55899
add a comment |
I agree that this is not showing SQL injection. But the prevention for such is the same as the fix for your problem. You must escape certain characters (in particular the apostrophe) in the text.
Notice that the error message even points to the apostrophe.
If you echoed the statement, you would see
INSERT INTO sq (text)
VALUES ('blah blah don't do this')
Observe the three apostrophes, and think how confused the parser will be.
Better code would be something like
$mali = $con->real_escape_string($ali);
$insertinto_ic_add = "INSERT INTO sq (text)
VALUES ('" . $mali . "')";
answered Nov 19 '18 at 2:34
Rick JamesRick James
67.1k55899
add a comment |
I agree that this is not showing SQL injection. But the prevention for such is the same as the fix for your problem. You must escape certain characters (in particular the apostrophe) in the text.
Notice that the error message even points to the apostrophe.
If you echoed the statement, you would see
INSERT INTO sq (text)
VALUES ('blah blah don't do this')
Observe the three apostrophes, and think how confused the parser will be.
Better code would be something like
$mali = $con->real_escape_string($ali);
$insertinto_ic_add = "INSERT INTO sq (text)
VALUES ('" . $mali . "')";
answered Nov 19 '18 at 2:34
Rick JamesRick James
67.1k55899
I agree that this is not showing SQL injection. But the prevention for such is the same as the fix for your problem. You must escape certain characters (in particular the apostrophe) in the text.
Notice that the error message even points to the apostrophe.
If you echoed the statement, you would see
INSERT INTO sq (text)
VALUES ('blah blah don't do this')
Observe the three apostrophes, and think how confused the parser will be.
Better code would be something like
$mali = $con->real_escape_string($ali);
$insertinto_ic_add = "INSERT INTO sq (text)
VALUES ('" . $mali . "')";
answered Nov 19 '18 at 2:34
Rick JamesRick James
67.1k55899
answered Nov 19 '18 at 2:34
Rick JamesRick James
67.1k55899
answered Nov 19 '18 at 2:34
Rick JamesRick James
67.1k55899
answered Nov 19 '18 at 2:34
Rick JamesRick James
67.1k55899
67.1k55899
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53358587%2fdatabase-error-when-inserting-values-into-mysql%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
3
Your code is open to SQL injection related attacks. Even
real_escape_stringcannot secure it completely. Please learn to use Prepared Statements– Madhur Bhaiya
Nov 18 '18 at 6:54
yes ' this code is exmple
– mohammad mahdavi
Nov 18 '18 at 7:03
Possible duplicate of How can I prevent SQL injection in PHP?
– Progman
Nov 18 '18 at 10:13
my friends, i have problem into mysql NO sql injection, please see my example
– mohammad mahdavi
Nov 18 '18 at 13:20