I have the following table:
$sql = "CREATE TABLE received_queries
(
sender_screen_name varchar(50),
text varchar(150)
)";
I use the following SQL statement to store values in the table
$sql = "INSERT INTO received_queries VALUES ('$sender_screen_name', '$text')";
Now I am trying to store the following string as 'text'.
One more #haiku: Cotton wool in mind; feeling like a sleep won't cure;
I need some coffee.
and I get the following error message:
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 't cure; I need some coffee.')' at line 1
I think this must be a pretty common problem. How do I solve it?
解决方案
I would suggest using prepared statements (with mysqli or pdo) rather than escaping.