MySQL special characters (ex: ' ) mess up the query
So a MySQL query looks kind of like INSERT INTO 'Players' (id, money) VALUES ('001', '27' ), you know, it's got half-quotes around it 'like this'
but the problem is, when the value I'm inserting contains this (consider: John 'Maynard' Keynes) it messes up the MySQL, I get told that I have an error in my SQL syntax.
I think this is because it's reading the ' ' and confuses them for part of the actual query syntax.
How can I prevent this?
Ya dun goofd. You've got yourself a nice MySQL injection.
yeah, uh-huh, that's cool.
Or, even better yet, use PreparedStatements that the mysqloo library provides!
Yes, I think you can then put like
:Query("select * from sometable where name = ? and age = ?", "Steve", 18)
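Added example, not part of any post in this thread: the quoting failure from the question next to the placeholder approach from the replies. It uses Python's built-in sqlite3 with an in-memory database as a stand-in for MySQL so it runs offline; the table layout, function names and the second input value are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # In-memory SQLite stands in for the MySQL server (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Players (name TEXT, money TEXT)")
    return db

def insert_concatenated(db, name, money):
    # Pattern from the question: the value is pasted into the SQL text,
    # so any ' inside it is parsed as SQL syntax.
    sql = ("INSERT INTO Players (name, money) VALUES ('"
           + name + "', '" + money + "')")
    db.execute(sql)

def insert_parameterized(db, name, money):
    # Placeholders: values travel separately from the SQL text and are
    # never parsed as SQL, whatever characters they contain.
    db.execute("INSERT INTO Players (name, money) VALUES (?, ?)", (name, money))

def rows(db):
    return db.execute("SELECT name, money FROM Players ORDER BY rowid").fetchall()

def demo():
    keynes = "John 'Maynard' Keynes"   # value from the question
    crafted = "x', '999999') -- "      # constructed value
    out = {}
    # 1. The quote closes the string literal early: syntax error, no row.
    db = make_db()
    try:
        insert_concatenated(db, keynes, "27")
        out["concat_error"] = None
    except sqlite3.OperationalError as exc:
        out["concat_error"] = str(exc)
    out["concat_rows"] = rows(db)
    # 2. Same flaw, different value: the statement parses, but the value
    #    has replaced the money column. This is why it counts as injection.
    db = make_db()
    insert_concatenated(db, crafted, "27")
    out["crafted_concat"] = rows(db)
    # 3. Placeholders store both values verbatim with money left at 27.
    db = make_db()
    insert_parameterized(db, keynes, "27")
    insert_parameterized(db, crafted, "27")
    out["param_rows"] = rows(db)
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```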