[nycphp-talk] can't populate db table with csv - I can't believethis!
Brian Pang
bpang at bpang.com
Wed Sep 10 22:32:17 EDT 2003
yes, everything
if the string being enclosed in single quotes contains an apostrophe, or
other instance of a single quote, it will need to be escaped like \'
I think that Hans is recommending using mysql_escape_string() to ensure
that everything is escaped that might need it (like double quotes).
HOWEVER
if your php script is attempting to insert any variables, you will need
to use double quotes in place of the single quote as the encapsulator.
PHP doesn't parse within the single quote.
You would still want to use mysql_escape_string()
I always use double quotes even though it means that values are being
parsed for no reason. It's just easier for me that way and I haven't
(been fortunate enough to have) had a problem with it creating excessive
load, yet.
> Um, I don't understand. Every single thing should be encased in '' and is
> escaped with mysql_escape_string(). I know the basics of SQL too. I just
> can't do this bit of code!
>
> Phil
> ----- Original Message -----
> From: "Hans Zaunere" <hans at nyphp.org>
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Sent: Wednesday, September 10, 2003 8:22 PM
> Subject: Re: [nycphp-talk] can't populate db table with csv - I can't
> believethis!
>
>
> >
> > Phil,
> >
> > > Go to http://www.nordicnet.no/admin/alle_produkter.php and you can see
> > > the damage!
> >
> > You need to learn some basics of working with SQL. In MySQL, Oracle,
> PostgreSQL, and just about everything else, values should always be
enclosed
> in single quotes [1].
> >
> > With the SQL you show above, none of the values are enclosed in single
> quotes, and since one of the values contains a single quote itself, it
gives
> an error. You'll also need to use mysql_escape_string() for every
value you
> create a SQL statement from; this escapes special chars that SQL will
> interpret as having meaning. See http://php.net/mysql_escape_string
> >
> > > Otherwise, I'm going to have to send the code to you guys, along with
> > > the .csv file and maybe you can do what I cannot. I might as
well quit
> > > this project!
> >
> > I think you might have to move to a pay-per-incident support plan :)
> >
> > But this is a simple problem to resolve; you should have no problem with
> it.
> >
> > H
> >
> > [1] For the purposes of this discussion
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>
>
More information about the talk
mailing list