Fix SQL INSERT problems with PHP addslashes function

If you’ve created your own custom content management system using PHP, you may have noticed problems inserting data. One cause is that your data may contain characters that prevent it from being inserted. Some of the characters that cause this type of problem are single or double quotes, backslashes, and NUL characters.

You can escape these problematic characters using the PHP function addslashes(). As explained by the PHP manual: It returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

As you can see from my example below, I first run the content through the addslashes function and then assign the result back to the same variable, “$Page_Content”, before passing it to my SQL UPDATE or INSERT statement.

$Page_Content = addslashes($Page_Content);
$query = "UPDATE site_content SET Page_Title='$Page_Title', Page_Content='$Page_Content' WHERE id_f='$id_f'";
query_db($query);
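
The same UPDATE written with bound parameters instead of string escaping, as an added example (not the author's code). The PHP manual notes that addslashes() should not be relied on to prevent SQL injection and recommends database-specific escaping or prepared statements; here $Page_Title and $id_f, which the snippet above puts into the query unescaped, are bound as well. It assumes PDO with the SQLite driver and an in-memory table standing in for the author's database and query_db() helper; update_page() is a hypothetical name and the row data is constructed.

```php
<?php
// Added example. Assumptions: PDO + SQLite in-memory database replace the
// author's connection and query_db() helper; update_page() is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed table and starting row, using the column names from the page.
$pdo->exec('CREATE TABLE site_content (id_f INTEGER PRIMARY KEY, Page_Title TEXT, Page_Content TEXT)');
$pdo->exec("INSERT INTO site_content (id_f, Page_Title, Page_Content) VALUES (1, 'Old title', 'Old content')");

// Every value travels as a bound parameter, so quotes and backslashes in the
// data never become part of the SQL text and need no escaping at all.
function update_page(PDO $pdo, int $id_f, string $Page_Title, string $Page_Content): int
{
    $stmt = $pdo->prepare(
        'UPDATE site_content SET Page_Title = :title, Page_Content = :content WHERE id_f = :id'
    );
    $stmt->bindValue(':title', $Page_Title, PDO::PARAM_STR);
    $stmt->bindValue(':content', $Page_Content, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id_f, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows changed
}

// Constructed input containing the characters the article lists as problematic.
$Page_Title   = "Editor's \"notes\"";
$Page_Content = "Saved under C:\\temp, it's a \"quoted\" value";

$changed = update_page($pdo, 1, $Page_Title, $Page_Content);

// Read the row back and confirm it was stored byte-for-byte, with no
// backslashes added to the data.
$stmt = $pdo->prepare('SELECT Page_Title, Page_Content FROM site_content WHERE id_f = :id');
$stmt->bindValue(':id', 1, PDO::PARAM_INT);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($changed !== 1 || $row['Page_Title'] !== $Page_Title || $row['Page_Content'] !== $Page_Content) {
    throw new RuntimeException('Stored row does not match the input');
}
echo "Row updated and stored unchanged\n";
```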

1 Response

  1. Gull says:

    $line){
    $fullname = "name";
    $email=addslashes($line);
    $password = base64_encode(password);
    mysql_query("INSERT INTO table (fullname,email,password) VALUES('$fullname','$email','$password')") or die("Insert failed: " . mysql_error());
    }
    ?>

    Please see the above code. I want to add addslashes for $email, but this is not working in the way I mentioned above. Where am I mistaken?
