MySQL Query not inserted when PHP variable contains single quotes

情书的邮戳 2021-01-17 05:49

This query is not inserted when the variable $subject has single quotes. Is there any possible solution available?

mysql_query("INSERT INTO  table  (to_email_id,


        
7 Answers
  •  渐次进展
    2021-01-17 06:29

    Your query will be returning a 1064 error, which is a syntax error within your query. This is happening because the variables, specifically $subject in the case of the question, are altering the format of your enclosed string. For example, let's say we have

    $subject = "fire's hotter than it looks";
    

    When this is evaluated in your query, your query string will be

    INSERT INTO  table  (to_email_id,subject) 
         VALUES('the value of the to variable','fire's hotter than it looks');
    

    If you look at the second item in the values, which was once $subject, you'll notice you now have an uneven number of apostrophes, meaning that the end of your query '); is an open string.

    As commented above, use a function such as mysql_real_escape_string() to add the missing slashes.

    Quick note: adding slashes to characters such as " and ' (\", \') tells MySQL to interpret these as string characters instead of query string delimiters.
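
The failure described in the answer above, reproduced next to a prepared statement, as an added example that is not part of the original thread. It uses PDO bound parameters rather than the escaping function the answer mentions, and assumes an in-memory SQLite database as a stand-in for MySQL and a hypothetical table name `messages`.

```php
<?php
// SQLite in-memory stands in for MySQL so the example runs offline (assumption);
// with MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// "messages" is a hypothetical table name; the columns come from the question.
$pdo->exec('CREATE TABLE messages (to_email_id TEXT, subject TEXT)');

$to = 'user@example.com'; // constructed sample value
$subjects = [
    'plain subject',                 // constructed
    "fire's hotter than it looks",   // value used in the answer above
    'she said "hello"',              // constructed
];

// The SQL text is fixed once; values are supplied separately at execute time.
$insert = $pdo->prepare(
    'INSERT INTO messages (to_email_id, subject) VALUES (:to, :subject)'
);

foreach ($subjects as $subject) {
    // Interpolated form, as in the question: the value becomes part of the SQL
    // text, so an apostrophe in it closes the string literal early.
    $sql = "INSERT INTO messages (to_email_id, subject) VALUES ('$to', '$subject')";
    $pdo->beginTransaction();
    try {
        $pdo->exec($sql);
        $interpolated = 'ok';
    } catch (PDOException $e) {
        $interpolated = 'syntax error';
    }
    $pdo->rollBack(); // only testing whether the statement parses

    // Bound form: the driver sends the value as data, never as SQL text.
    // execute() throws on failure because ERRMODE_EXCEPTION is set.
    $insert->execute([':to' => $to, ':subject' => $subject]);
    printf("%-30s interpolated: %-13s bound: ok\n", $subject, $interpolated);
}

// Check that every subject was stored byte-for-byte by the prepared statement.
$stored = $pdo->query('SELECT subject FROM messages ORDER BY rowid')
              ->fetchAll(PDO::FETCH_COLUMN);
var_dump($stored === $subjects);
```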
