Bug #78253 A major problem is found in insert query of my sql which need attention
Submitted: 28 Aug 2015 8:35
Modified: 1 Sep 2015 6:35
Reporter: VIKASH MISHRA
Status: Not a Bug
Category: MySQL Server: DML
Severity: S5 (Performance)
Version: 4.2.11
OS: Any
Assigned to:
CPU Architecture: Any
Tags: insert query bug, SQL bug

[28 Aug 2015 8:35] VIKASH MISHRA
Description:
I am a graduation student and run a Startup.
I was developing a blog module for my client, during which I noticed a serious threat when using the DML insert query.

I was running a query like

INSERT INTO `naipathya_blog_posts`(`id`, `postTitle`, `postKey`, `postImg`, `postDesc`, `postCont`, `postDate`, `postAuthor`, `status`) VALUES ('','$title','$key','$img','$desc','$cont','','$author','$status')
  
If any variable in it contains the symbol ' then it creates an error.
I have tried several things to fix this but am not able to do so,

and when I removed the ' symbol from the textbox it worked fine.

How to repeat:
To repeat the problem, just repeat the steps mentioned in the Description; you will find the same problem.

Suggested fix:
I do not have any major idea, but if you can add a special symbol before the variable so that it skips ' then it may be fixed.

[1 Sep 2015 6:35] MySQL Verification Team
We're sorry, but the bug system is not the appropriate forum for asking help on using MySQL products. Your problem is not the result of a bug.

Support on using our products is available both free in our forums at http://forums.mysql.com/ and for a reasonable fee direct from our skilled support engineers at http://www.mysql.com/support/

For this case please refer to how to escape quotes etc. - https://dev.mysql.com/doc/refman/5.0/en/string-literals.html

Thank you for your interest in MySQL.
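
The behaviour discussed in this thread, as an added example that is not part of the original report or of MySQL's reply: a value containing ' ends the string literal early when it is pasted into the SQL text, while a placeholder keeps the value out of the SQL text entirely. Assumptions: Python's built-in sqlite3 stands in for the reporter's application code and MySQL server so the example runs offline, the table is a constructed subset of the columns in the report, and all function names and sample values are hypothetical.

```python
import sqlite3

# Constructed schema: a subset of the columns named in the report.
SCHEMA = """
CREATE TABLE naipathya_blog_posts (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    postTitle TEXT NOT NULL,
    postCont TEXT NOT NULL,
    postAuthor TEXT NOT NULL
)
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def insert_interpolated(conn, title, cont, author):
    """The report's pattern: values pasted into the SQL text.
    Returns None on success, or the database error message."""
    sql = ("INSERT INTO naipathya_blog_posts (postTitle, postCont, postAuthor) "
           f"VALUES ('{title}', '{cont}', '{author}')")
    try:
        conn.execute(sql)
        conn.commit()
        return None
    except sqlite3.Error as exc:
        return str(exc)

def insert_bound(conn, title, cont, author):
    """Placeholders: the driver sends the values separately from the SQL,
    so a quote inside a value is data and never statement syntax."""
    cur = conn.execute(
        "INSERT INTO naipathya_blog_posts (postTitle, postCont, postAuthor) "
        "VALUES (?, ?, ?)",
        (title, cont, author))
    conn.commit()
    return cur.lastrowid

def stored_titles(conn):
    rows = conn.execute("SELECT postTitle FROM naipathya_blog_posts ORDER BY id")
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = open_db()
    print(insert_interpolated(db, "Plain title", "body", "vikash"))
    print(insert_interpolated(db, "Vikash's first post", "body", "vikash"))
    print(insert_bound(db, "Vikash's first post", "it's fine", "vikash"))
    print(stored_titles(db))
```

MySQL client libraries offer the same placeholder mechanism through prepared statements, which removes the need to escape each value by hand.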