A little problem with single quotes messing up an SQL SET statement...

I can type single quotes, double quotes--it seems, any 'special'
character--into a form, and so long as my PHP script tries to INSERT, UPDATE
or DELETE said row into the table, no problem.  But when I try to DUPLICATE
a row that already contains a single quote, the PHP code chokes on it--and
doesn't perform the query operation.  I realize that the code that does the
preprocessing is getting confused by any stray single quote (double quotes
are harmless).  What I don't know is how to get around this problem.  Here's
the code in question:

   if ($action == "dup") {

                $result = mysql_query("SELECT * FROM $table WHERE id=$id",$db);
                $myrow = mysql_fetch_array($result);

$comma = "";
echo $priv, "<br>";
for ($i = $priv; $i < $columns; $i++) {
        $fld = mysql_field_name($fields, $i);
    $set .= $comma."$fld='".$myrow[$i]."'";
        echo $set, "<br>";
    $comma = ", ";

          // run SQL against the DB
          $sql = "INSERT $table SET $set";
          $result = mysql_query($sql);

   $affected = $id;
   echo "<td width=10><img border=0 src=../../common/spacer.gif width=10
height=1></td><td align=center valign=middle bgcolor=#eeeeee><span
class=adminnormalgrey>Record duplicated</span></td>";

And here's the echo'd $set:
lang='en', record='news.php'
lang='en', record='news.php', buttonname='News and Events'
lang='en', record='news.php', buttonname='News and Events', pagetitle='What
is Happening'
lang='en', record='news.php', buttonname='News and Events', pagetitle='What
is Happening', alttext='Breaking news" on new SmartSlitter products and
upgrades, plus a list of trade show's where we will be exhibiting our

Any help is much appreciated. Thanks!


Rene Fournier

Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to