Thursday, 28 September 2017

How to escape php mysqli query?

I am passing data from AJAX to my PHP. I just run a for loop to make my query. The problem with my data is that it contains a single quote.


I am using single quotes to enclose my parameters in the query. The query is something like


   INSERT INTO myTable (column1, column2) VALUES('value1', 'value2'),
   ('value'1', 'value2');

I want to escape like


   INSERT INTO myTable (column1, column2) VALUES('value1', 'value2'),
   ('value\'1', 'value2');

I just tried mysqli_real_escape_string. It returns something like


   INSERT INTO myTable (column1, column2) VALUES(\'value1\', \'value2\'),
   (\'value\'1\', \'value2\');

So query execution fails.


I don't think using htmlspecialchars is the right way for this.


Any suggestions?
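Added example, not part of the original post: the third snippet above is what results when the escape function is applied to the finished statement, since the quotes that delimit each value get escaped along with the data. The sketch below instead builds the multi-row INSERT with `?` placeholders and binds the values through a mysqli prepared statement, so the values never become part of the SQL text. The helper name `buildMultiRowInsert`, the connection details and the sample `$rows` are assumptions made for illustration; table and column names follow the question.

```php
<?php
// Added example: helper name, connection details and $rows are constructed.

/**
 * Build one multi-row INSERT with a "?" placeholder per value.
 * Returns [sql, bind type string, flat parameter list].
 */
function buildMultiRowInsert(array $rows): array
{
    if ($rows === []) {
        throw new InvalidArgumentException('no rows to insert');
    }
    $params = [];
    foreach ($rows as $row) {
        if (count($row) !== 2) {
            throw new InvalidArgumentException('each row needs exactly 2 values');
        }
        // Values are only collected; they are never concatenated into the SQL.
        [$first, $second] = array_values($row);
        array_push($params, (string) $first, (string) $second);
    }
    $sql = 'INSERT INTO myTable (column1, column2) VALUES '
         . implode(', ', array_fill(0, count($rows), '(?, ?)'));
    return [$sql, str_repeat('s', count($params)), $params];
}

// Constructed sample input, shaped like the rows sent by the AJAX request.
$rows = [
    ['value1', 'value2'],
    ["value'1", 'value2'],   // embedded quote, no manual escaping applied
];

[$sql, $types, $params] = buildMultiRowInsert($rows);

// Assumed connection details (placeholders).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$mysqli->set_charset('utf8mb4');

$stmt = $mysqli->prepare($sql);          // SQL text contains placeholders only
$stmt->bind_param($types, ...$params);   // data is sent separately from the SQL
$stmt->execute();
$stmt->close();
```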
