MYSQL: Work with special characters

While programming with php, normally we works with mysql. And in mysql we insert, update, delete, fetch or compare string data.

But there are some special characters in a string which causes formatting level problems, values level problems and concatenation level problems while working with mysql.

And these special characters are: \x00 , \n , \r , \ , ‘ , ” , \x1a

For Example:
Our string is: Today is my friend’s birthday.

Here we want to insert this string in “description” field of “comments” table and compare it in select query.

So now we have to write queries using mysql_real_escape_string() to not cause any formatting, values or concatenation level problems and prevent database attack.

$query = "insert into comments (description) values ('" . mysql_real_escape_string("Today is my friend's birthday.") . "')";
$query = "select * from comments where description='" . mysql_real_escape_string("Today is my friend's birthday.") . "'";

Hope this will help you.

Advertisements

Speak Your Mind

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: