PHP Script Tips - Working with MySQL Database
By: FYICenter.com
How To Quote Text Values in SQL Statements?
Text values in SQL statements should be quoted with single quotes ('). If the text value contains
a single quote ('), it should be protected by replacing it with two single quotes ('').
In SQL syntax, two single quotes represent one single quote inside a string literal.
The tutorial exercise below shows you two INSERT statements. The first one will fail, because
it has an unprotected single quote. The second one will succeed, because str_replace() is used
to replace (') with (''):
<?php
  include "mysql_connection.php";

  // First attempt: the single quote in $notes ends the string literal early
  $notes = "It's a search engine!";
  $sql = "INSERT INTO fyi_links (id, url, notes) VALUES ("
      . " 201, 'www.google.com', '".$notes."')";
  if (mysql_query($sql, $con)) {
    print(mysql_affected_rows() . " rows inserted.\n");
  } else {
    print("SQL statement failed.\n");
  }

  // Second attempt: each single quote is doubled before building the statement
  $notes = "It's another search engine!";
  $notes = str_replace("'", "''", $notes);
  $sql = "INSERT INTO fyi_links (id, url, notes) VALUES ("
      . " 202, 'www.yahoo.com', '".$notes."')";
  if (mysql_query($sql, $con)) {
    print(mysql_affected_rows() . " rows inserted.\n");
  } else {
    print("SQL statement failed.\n");
  }

  mysql_close($con);
?>
If you run this script, you will get something like this:
SQL statement failed.
1 rows inserted.
How To Quote Date and Time Values in SQL Statements?
If you want to provide date and time values in a SQL statement, you should write them
in the format "yyyy-mm-dd hh:mm:ss" and quote them with single quotes (').
The tutorial exercise below shows you two INSERT statements. The first one uses
a hard-coded date value. The second one uses the date() function to return a date value.
<?php
  include "mysql_connection.php";

  // Hard-coded date and time value
  $notes = "Added long time ago!";
  $time = "1999-01-01 01:02:03";
  $sql = "INSERT INTO fyi_links (id, url, notes, time) VALUES ("
      . " 301, 'www.netscape.com', '".$notes."', '".$time."')";
  if (mysql_query($sql, $con)) {
    print(mysql_affected_rows() . " rows inserted.\n");
  } else {
    print("SQL statement failed.\n");
  }

  // Current date and time, formatted by date()
  $notes = "Added today!";
  $time = date("Y-m-d H:i:s");
  $sql = "INSERT INTO fyi_links (id, url, notes, time) VALUES ("
      . " 302, 'www.myspace.com', '".$notes."', '".$time."')";
  if (mysql_query($sql, $con)) {
    print(mysql_affected_rows() . " rows inserted.\n");
  } else {
    print("SQL statement failed.\n");
  }

  mysql_close($con);
?>
If you run this script, you will get something like this:
1 rows inserted.
1 rows inserted.
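The two exercises above, redone as an added example (not FYICenter's code) with PDO bound parameters, which keep quotes and MySQL's backslash escapes in the data away from the SQL parser and replace the mysql_* functions that were removed in PHP 7. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the table layout is guessed from the INSERT columns, insert_link() is a hypothetical helper, and rows 203 and 204 are constructed samples.

```php
<?php
// Added example: bound parameters instead of hand-quoted string concatenation.
// Assumption: SQLite in memory stands in for MySQL; for MySQL only the DSN
// (plus user name and password) passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE fyi_links
    (id INTEGER PRIMARY KEY, url TEXT, notes TEXT, time TEXT)');

// Hypothetical helper: validates the date, then inserts through a prepared
// statement. Returns the number of rows inserted.
function insert_link(PDO $pdo, int $id, string $url, string $notes, string $time): int
{
    // Accept only an exact, real "yyyy-mm-dd hh:mm:ss" value. PHP rolls
    // month 13 over into the next year, so compare the round trip as well.
    $dt = DateTime::createFromFormat('Y-m-d H:i:s', $time);
    if ($dt === false || $dt->format('Y-m-d H:i:s') !== $time) {
        throw new InvalidArgumentException("bad date/time value: $time");
    }
    $stmt = $pdo->prepare('INSERT INTO fyi_links (id, url, notes, time)
        VALUES (:id, :url, :notes, :time)');
    $stmt->execute([':id' => $id, ':url' => $url, ':notes' => $notes, ':time' => $time]);
    return $stmt->rowCount();
}

// Rows 201 and 202 reuse the tutorial's values; 203 is a constructed sample.
$rows = [
    [201, 'www.google.com', "It's a search engine!", '1999-01-01 01:02:03'],
    [202, 'www.yahoo.com', "It's another search engine!", date('Y-m-d H:i:s')],
    [203, 'www.example.com', 'Ends with a backslash \\', date('Y-m-d H:i:s')],
];
foreach ($rows as [$id, $url, $notes, $time]) {
    print(insert_link($pdo, $id, $url, $notes, $time) . " rows inserted.\n");
}

// Constructed invalid date: rejected before any SQL is sent.
try {
    insert_link($pdo, 204, 'www.example.org', 'Bad date', '1999-13-45 00:00:00');
} catch (InvalidArgumentException $e) {
    print("Rejected: " . $e->getMessage() . "\n");
}

// The stored text comes back unchanged, quotes and backslash included.
foreach ($pdo->query('SELECT id, notes FROM fyi_links ORDER BY id') as $row) {
    print($row['id'] . ": " . $row['notes'] . "\n");
}
```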