Saturday 16 December 2017

How to escape php mysqli query?

I am passing data from AJAX to my PHP. I just run a for loop to make my query. The problem with my data is that it contains a single quote.

I am using single quotes to enclose my parameters in the query. The query is something like




 INSERT INTO
myTable (column1.column2) VALUES('value1', 'value2'),
('value'1',
'value2');


I want to escape like

 INSERT INTO myTable (column1, column2) VALUES('value1', 'value2'), ('value\'1', 'value2');



I just tried mysqli_real_escape_string. It returns something like

 INSERT INTO myTable (column1, column2) VALUES(\'value1\', \'value2\'), (\'value\'1\', \'value2\');


So query execution fails.



I don't think using htmlspecialchars is the right way for this.

Any suggestions?
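
An added example, not part of the original post: the output quoted above is what results when `mysqli_real_escape_string` is applied to the whole query string, because the quotes that delimit the values get escaped too. The code below sends the values through a prepared statement instead, so no escaping is needed. The table and column names follow the question; the connection details and the `insertRows` helper name are assumptions.

```php
<?php
// Added example: connection details are placeholders, insertRows() is a
// hypothetical helper; table/column names are taken from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

/**
 * Insert many (column1, column2) rows with one prepared statement.
 * Values travel separately from the SQL text, so quotes need no escaping.
 */
function insertRows(mysqli $db, array $rows): int
{
    if ($rows === []) {
        return 0;
    }
    // One "(?, ?)" group per row; only placeholders go into the SQL string.
    $groups = implode(', ', array_fill(0, count($rows), '(?, ?)'));
    $sql = "INSERT INTO myTable (column1, column2) VALUES $groups";

    // Flatten [[a, b], [c, d]] into [a, b, c, d] for binding.
    $params = [];
    foreach ($rows as $row) {
        if (!is_array($row) || count($row) !== 2) {
            throw new InvalidArgumentException('each row needs exactly 2 values');
        }
        $row = array_values($row);
        $params[] = (string) $row[0];
        $params[] = (string) $row[1];
    }

    $stmt = $db->prepare($sql);
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Constructed sample input, standing in for the decoded AJAX payload.
$rows = [
    ['value1', 'value2'],
    ["value'1", 'value2'],   // the single quote that broke the original query
];

$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
$db->set_charset('utf8mb4');
echo insertRows($db, $rows), " rows inserted\n";
```

If the query has to be built as a string, `mysqli_real_escape_string` must be called on each value separately, before the surrounding quotes are added.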
