I feel daft asking this, but it's driving me potty. How can I make this string:
Children\''s Toy
Suitable for insert to a MySQL database and escape the characters properly?
Thanks
mysql_real_escape_string should do it. If you are using the mysqli extension, you can do it the same way. ( mysqli_real_escape_string )
Why, by using prepared statements, of course.
Like this:
Children\\\'\'s Toy
But you really should be relying on something built into PHP like mysql_reql_escape_string() or better yet, parameterize queries using PDO.
Here's my test of the above:
mysql> select 'Children\\\'\'s Toy' as escapedString;
+------------------+
| escapedString |
+------------------+
| Children\''s Toy |
+------------------+
1 row in set (0.49 sec)