[PHP-DB] Stuck in apostrophe hell

Mon, 02 Aug 2010 13:30:31 -0700 

Before I send the following SQL to MySQL from PHP I print it to screen. 
PHP chokes on it, but I can paste the exact same query from the screen 
directly to MySQL and it works just fine. For example:

Here's the relevant PHP code:
======================================
$sql_insert_registration = sprintf("INSERT INTO
  Registrations (
    Class_ID,
    prid,
    Registrant,
    Company,
    Phone,
    Email
  )
VALUES (
    $_POST[Class_ID],
    $_POST[prid],
    '%s',".
    parseNull($_POST['Company']).",
    '$_POST[Phone]',
    '$_POST[Email]'
)", mysql_real_escape_string($_POST['Registrant']));

echo "<pre>".$_POST["Registrant"]."</pre>";
echo "<pre>".mysql_real_escape_string($_POST["Registrant"])."</pre>";
echo "<pre>".$sql_insert_registration."</pre>";

if (!mysql_query($sql_insert_registration, $con)) { 
  die('Error: ' . mysql_error()); 
....
======================================


Here's the output:
=======================

INSERT INTO
  Registrations (
    Class_ID,
    prid,
    Registrant,
    Company,
    Phone,
    Email
  )
VALUES (
    355,
    257,
    'Brian O\'Brien',NULL,
    '612-456-5678',
    'paul_s_john...@mnb.uscourts.gov'
)
Error: You have an error in your SQL syntax; check the manual that 
corresponds to your MySQL server version for the right syntax to use near 
'Brien', 'Class registration confirmation', ' This email ' at line 16
==================================================


Also very oddly if the name "O'Brien" is input into the HTML form with two 
apostrophes side by side (O''Brien) then MySQL will take it (but then of 
course we have the problem of two apostrophes side by side inserted into 
the MySQL table). For example:

===================================

INSERT INTO
  Registrations (
    Class_ID,
    prid,
    Registrant,
    Company,
    Phone,
    Email
  )
VALUES (
    355,
    257,
    'Brian O\'\'Brien',NULL,
    '612-456-5678',
    'paul_s_john...@mnb.uscourts.gov'
)
You have been signed up for the class,
and a confirmation email has been sent to you.
=================================

Very strange.

I've checked various PHP variables and cannot figure out. It works fines 
from another PHP server that's using the same MySQL database.

Thanks,

Paul

Reply via email to