MySQL error when inserting data containing apostrophes (single quotes)?

不知归路 2020-11-30 13:59

When an insert query contains a quote (e.g. Kellog\'s), it fails to insert a record.

ERROR MSG:

You have an error in your SQL s

10 answers
  •  萌比男神i
    2020-11-30 14:18

    In standard SQL, you use two single quotes to indicate one single quote, hence:

    INSERT INTO SingleColumn(SingleChar) VALUES('''');
    

    The first quote opens the string; the second and third are a single quote; and the fourth terminates the string. In MySQL, you may also be able to use a backslash instead:

    INSERT INTO SingleColumn(SingleChar) VALUES('\'');
    

    So, in your example, one or both of these should work:

    INSERT INTO UnidentifiedTable
        VALUES('Kellog''s', 'Corn Flakes 170g', '$ 15.90', '$ 15.90', '$ 14.10', '--');
    INSERT INTO UnidentifiedTable
        VALUES('Kellog\'s', 'Corn Flakes 170g', '$ 15.90', '$ 15.90', '$ 14.10', '--');
    

    In PHP, there is a function to sanitize user data (mysql_real_escape_string) before you embed it into an SQL statement -- or you should use placeholders. Note that if you do not sanitize your data, you expose yourself to SQL Injection attacks.
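
The three approaches mentioned in the answer above, compared side by side. This is an added example, not part of the original answer. It assumes Python's `sqlite3` with an in-memory database as a stand-in for MySQL; the `products` table and all sample values except `Kellog's` are constructed.

```python
import sqlite3

# Constructed sample values; the first is the one from the question.
SAMPLES = ["Kellog's", "Corn Flakes 170g", "it''s", "'"]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT)")  # hypothetical table
    return db

def insert_concatenated(db, value):
    # The 'before': the value is pasted into the SQL text unchanged, so any
    # quote inside it is parsed as SQL syntax instead of as data.
    db.execute("INSERT INTO products (name) VALUES ('" + value + "')")

def insert_quote_doubled(db, value):
    # Standard SQL escaping: each ' inside the literal is written as ''.
    # In MySQL's default mode backslash is an escape character too, so this
    # alone is not a complete escaper there.
    doubled = value.replace("'", "''")
    db.execute("INSERT INTO products (name) VALUES ('" + doubled + "')")

def insert_placeholder(db, value):
    # Placeholder: the value travels separately from the SQL text and is
    # never parsed as SQL, whatever characters it contains.
    db.execute("INSERT INTO products (name) VALUES (?)", (value,))

def try_all(insert):
    """Insert every sample with one strategy.

    Returns (rows actually stored, samples whose INSERT raised an error).
    """
    db = make_db()
    failed = []
    for value in SAMPLES:
        try:
            insert(db, value)
        except sqlite3.Error:
            failed.append(value)
    rows = db.execute("SELECT name FROM products ORDER BY rowid")
    return [row[0] for row in rows], failed

if __name__ == "__main__":
    for fn in (insert_concatenated, insert_quote_doubled, insert_placeholder):
        stored, failed = try_all(fn)
        print(f"{fn.__name__}: stored={stored} failed={failed}")
```

With concatenation, two of the samples raise a syntax error and `it''s` is silently stored as `it's`; only the escaped and placeholder versions store all four values unchanged.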
