www.webdeveloper.com

Thread: PDO - Escaping characters on INSERT query

  1. #1
    Join Date
    Jun 2013
    Posts
    6

    PDO - Escaping characters on INSERT query

    Help!

    I am using PDO. When I run my INSERT query everything works great! However, if there is a single quote used in one of the input text fields it will not.

    I am a NOOB, so speaking like an expert will not help me. Think 1st grader. HA.

    Here is the code:

    $query = ("INSERT INTO missionaries
    (firstname, lastname, spouse, image, info, continent, field)
    VALUES ('$miss_fn', '$miss_ln', '$miss_spn', '$image', '$info', '$continent', '$field')");
    if ($db->exec($query)){
    //Success
    header('Location: content.php');
    exit;
    } else {
    //Display error message
    echo '<p> Missionary addition failed.</p>';
    }


    Any help is greatly appreciated.
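The failure described in the post above, reproduced as an added example that is not code from the thread. It runs against an in-memory SQLite database so it works offline and uses the table and column names from the post; the sample values, the payload and the helper name unsafeInsert are constructed for the demonstration. The first insert shows the syntax error an apostrophe in a surname causes; the second shows that the same string-splicing lets a form field rewrite the statement, so this is an SQL injection bug and not only a quoting problem.

```php
<?php
// Added example (not from the thread): reproduces the failure in the post against an
// in-memory SQLite database. Table and column names come from the post; the sample
// values and the payload below are constructed.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE missionaries (
    firstname TEXT, lastname TEXT, spouse TEXT, image TEXT,
    info TEXT, continent TEXT, field TEXT)');

// The query exactly as the post builds it: form values pasted into the SQL text.
function unsafeInsert(PDO $db, array $r): void
{
    $query = "INSERT INTO missionaries
    (firstname, lastname, spouse, image, info, continent, field)
    VALUES ('{$r['fn']}', '{$r['ln']}', '{$r['spn']}', '{$r['image']}', '{$r['info']}', '{$r['continent']}', '{$r['field']}')";
    $db->exec($query);
}

// Constructed form submission.
$base = ['fn' => 'Mary', 'ln' => 'Smith', 'spn' => 'John', 'image' => 'mary.jpg',
         'info' => 'Serving since 2010', 'continent' => 'Africa', 'field' => 'Kenya'];

// 1. An honest value with an apostrophe: the quote ends the SQL string literal early
//    and the rest of the statement no longer parses. This is the symptom the poster saw.
try {
    unsafeInsert($db, ['ln' => "O'Brien"] + $base);
    echo "unexpected: insert succeeded\n";
} catch (PDOException $e) {
    echo "syntax error, as in the post: " . $e->getMessage() . "\n";
}

// 2. The same bug lets a visitor rewrite the statement. The first-name field closes the
//    open quote, supplies its own seven values, closes the VALUES list and comments out
//    the rest of the line with "--". Every other form field is ignored by the database.
$payload = "Eve', 'Adams', '', '', 'attacker controlled', 'NOT_A_CONTINENT', 'x') -- ";
unsafeInsert($db, ['fn' => $payload] + $base);

$row = $db->query('SELECT firstname, continent FROM missionaries')->fetch(PDO::FETCH_ASSOC);
// The stored continent is the attacker's value, not the 'Africa' the form sent.
echo "stored continent: {$row['continent']} (form sent '{$base['continent']}')\n";
```

Escaping the quote (as post #3 suggests) would make the first case work, but the fix that removes the second case entirely is to stop splicing values into the SQL text at all, which is what the prepared statements later in the thread do.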

  2. #2
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    1,900
    Where you say "display error message" add this:
    PHP Code:
    $pdo_errinfo = $db->errorInfo();
    $err = $pdo_errinfo[2];
    echo "Error message is: $err";
    That will tell you about your query error

    Also - you don't need parens around the query statement.

  3. #3
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    1,900
    Of course - if you have quotes in your data, then you will have a problem. Read up on how to sanitize data before putting it into your db.

  4. #4
    Join Date
    Jun 2013
    Posts
    6
    Thanks for the reply.

    Just before I got your reply a friend pointed me to this video and it worked perfectly: http://www.youtube.com/watch?v=CDa3Z52scW0

    Problem solved.

  5. #5
    Join Date
    Jun 2013
    Posts
    6
    Oh, this is the new code in case interested

    // The opening of the name check was not included in the post; it is reconstructed here from the else branch below.
    if ($miss_fn != '' && $miss_ln != '') {
    $q = "INSERT INTO missionaries
    (firstname, lastname, spouse, image, info, continent, field)
    VALUES (:miss_fn, :miss_ln, :miss_spn, :image, :info, :continent, :field)";
    $query = $db->prepare($q);
    $results = $query->execute(array(
    ":miss_fn" => $miss_fn, ":miss_ln" => $miss_ln, ":miss_spn" => $miss_spn,
    ":image" => $image, ":info" => $info, ":continent" => $continent,
    ":field" => $field
    ));

    if ($results) {
    //Success
    header('Location: addMiss.php');
    exit;
    } else {
    //Display error message
    echo '<p> Missionary addition failed.</p>';
    }
    } else {
    echo 'Must enter First and Last Name.' . '<br/>';
    echo 'Click Back button to try again.';
    }
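An added example, not code from the thread, that combines the prepared statement from this post with the errorInfo() advice from post #2 and adds the two settings a practitioner would want on the connection: PDO::ERRMODE_EXCEPTION, so a failed execute() cannot be mistaken for success, and the error text written to the server log with error_log() rather than echoed into the page. It runs against an in-memory SQLite database (the mysql DSN the poster would use is in a comment); the function names connect and addMissionary and the form values are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the thread. Prepared insert from post #5, error detail
// from post #2 sent to the server log instead of the browser. Uses in-memory SQLite
// so it runs offline; the table matches the one in the thread.
declare(strict_types=1);

function connect(): PDO
{
    $options = [
        // Failures throw a PDOException instead of returning false, so they cannot be ignored.
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Ask the driver for real server-side prepares. pdo_mysql honours this
        // (its default is to emulate them client-side); pdo_sqlite ignores it.
        PDO::ATTR_EMULATE_PREPARES => false,
    ];
    // For MySQL the poster would write:
    // new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', $user, $pass, $options)
    $db = new PDO('sqlite::memory:', null, null, $options);
    $db->exec('CREATE TABLE missionaries (
        firstname TEXT NOT NULL, lastname TEXT NOT NULL, spouse TEXT, image TEXT,
        info TEXT, continent TEXT, field TEXT)');
    return $db;
}

/**
 * Insert one row. Returns true on success, false on a database error.
 * The error detail goes to the server log; the caller shows only a generic message.
 */
function addMissionary(PDO $db, array $f): bool
{
    $sql = 'INSERT INTO missionaries
            (firstname, lastname, spouse, image, info, continent, field)
            VALUES (:miss_fn, :miss_ln, :miss_spn, :image, :info, :continent, :field)';
    try {
        $stmt = $db->prepare($sql);
        // Values travel as parameters, never as part of the SQL text, so quotes
        // in them are data and nothing else.
        $stmt->execute([
            ':miss_fn'   => $f['miss_fn'],
            ':miss_ln'   => $f['miss_ln'],
            ':miss_spn'  => $f['miss_spn'],
            ':image'     => $f['image'],
            ':info'      => $f['info'],
            ':continent' => $f['continent'],
            ':field'     => $f['field'],
        ]);
        return true;
    } catch (PDOException $e) {
        // Same text post #2 reads from errorInfo()[2]; it belongs in the log, not in the HTML.
        error_log('missionary insert failed: ' . $e->getMessage());
        return false;
    }
}

$db = connect();

// Constructed form input: an apostrophe in the surname and an injection attempt
// in the first name, the two inputs that break the string-spliced query.
$form = [
    'miss_fn'   => "Eve', 'x', '', '', '', 'NOT_A_CONTINENT', 'x') -- ",
    'miss_ln'   => "O'Brien",
    'miss_spn'  => '',
    'image'     => 'eve.jpg',
    'info'      => 'Serving since 2010',
    'continent' => 'Africa',
    'field'     => 'Kenya',
];

if (trim($form['miss_fn']) === '' || trim($form['miss_ln']) === '') {
    echo 'Must enter First and Last Name.<br/>Click Back button to try again.';
} elseif (addMissionary($db, $form)) {
    $row = $db->query('SELECT firstname, lastname, continent FROM missionaries')->fetch(PDO::FETCH_ASSOC);
    // Both strings are stored exactly as typed; the payload is just an odd first name
    // and the continent is still the one the form sent.
    printf("stored: %s %s, continent %s\n", $row['firstname'], $row['lastname'], $row['continent']);
} else {
    echo '<p>Missionary addition failed.</p>';
}
```

In the real page the success branch would issue the header('Location: ...') redirect as the posts do; the SELECT here only shows what reached the table. Leaving the connection in the default ERRMODE_SILENT, as the original code does, is what makes the "Missionary addition failed" branch the only sign of trouble, which is why post #2 had to reach for errorInfo() at all.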

  6. #6
    Join Date
    Jul 2013
    Posts
    31

    PDO - Escaping characters on INSERT query

    If you are using PDO, always make use of prepared statements.
    Your code should be like this:
    PHP Code:
    //assuming $db is the PDO connection variable
    $query = $db->prepare("INSERT INTO missionaries
    (firstname, lastname, spouse, image, info, continent, field)
    VALUES (?,?,?,?,?,?,?)"
    );
    if ($query->execute(array($miss_fn, $miss_ln, $miss_spn, $image, $info, $continent, $field))) {
    //Success
    header('Location: content.php');
    exit;
    } else {
    //Display error message
    echo '<p> Missionary addition failed.</p>';
    }

  7. #7
    Join Date
    Feb 2013
    Posts
    168
    He's using client-side prepared statements:

    PHP Code:
    $query = "INSERT INTO
                   missionaries (firstname, lastname, spouse, image, info, continent, field)
               VALUES
                   (:miss_fn, :miss_ln, :miss_spn, :image, :info, :continent, :field)";
    $stmt = $db->prepare($query);
    $result = $stmt->execute(array(
        ":miss_fn" => $miss_fn,
        ":miss_ln" => $miss_ln,
        ":miss_spn" => $miss_spn,
        ":image" => $image,
        ":info" => $info,
        ":continent" => $continent,
        ":field" => $field
    ));

    if ($result) {
        //Success
        header('Location: addMiss.php');
        exit;
    } else {
        //Display error message
        echo '<p> Missionary addition failed.</p>';
    }

    Last edited by Strider64; 07-10-2013 at 10:07 AM.

  8. #8
    Join Date
    Jun 2013
    Posts
    6
    Yes, that seemed to best suit me; but thanks for the other example. One problem solved....now on to the next. I love learning!
