What is the issue with saving a string containing a single quote in a MySQL query in PHP?

When saving a string containing a single quote in a MySQL query in PHP, it can cause syntax errors or SQL injection vulnerabilities. To solve this issue, you can use prepared statements or escape the single quote in the string before including it in the query.

// Using prepared statements to save a string containing a single quote in a MySQL query
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn-&gt;connect_error) {
    die(&quot;Connection failed: &quot; . $conn-&gt;connect_error);
}

// Prepare a SQL statement
$stmt = $conn-&gt;prepare(&quot;INSERT INTO table_name (column_name) VALUES (?)&quot;);
$stmt-&gt;bind_param(&quot;s&quot;, $string_with_single_quote);

// Set parameter values and execute the statement
$string_with_single_quote = &quot;O&#039;Connor&quot;;
$stmt-&gt;execute();

// Close the statement and connection
$stmt-&gt;close();
$conn-&gt;close();

Keywords

PHP MySQL string single quote escaping

What is the issue with saving a string containing a single quote in a MySQL query in PHP?

Keywords

Related Questions