Insert a record with an apostrophe mysql php

Question

I want to insert a record with an apostrophe into a MySQL database using PHP. Following is my code:

$importer_name =mysql_escape_string ($objWorksheet->getCellByColumnAndRow(1,3)->getValue());
$exporter_name = $objWorksheet->getCellByColumnAndRow(1, 3)->getValue();
$prod_quantity_unit = $objWorksheet->getCellByColumnAndRow(1,6)->getValue();
$prod_fob_value = $objWorksheet->getCellByColumnAndRow(5,6)->getValue();
$prod_quantity = $objWorksheet->getCellByColumnAndRow(1,8)->getValue();
$prod_fob_unit= $objWorksheet->getCellByColumnAndRow(5,8)->getValue();
$prod_gross_waight= $objWorksheet->getCellByColumnAndRow(1,10)->getValue();
$prod_cif_value= $objWorksheet->getCellByColumnAndRow(5,10)->getValue();
$prod_net_weight= $objWorksheet->getCellByColumnAndRow(1,12)->getValue();
$prod_cif_unit_price= $objWorksheet->getCellByColumnAndRow(5,12)->getValue();
$prod_brand= $objWorksheet->getCellByColumnAndRow(5,14)->getValue();
$hs_code = $objWorksheet->getCellByColumnAndRow(1,17)->getValue();
$shipping_date = $objWorksheet->getCellByColumnAndRow(5,17)->getValue();
$customs = $objWorksheet->getCellByColumnAndRow(1,19)->getValue();
$transport_company = $objWorksheet->getCellByColumnAndRow(5,19)->getValue();
$country_of_origin = $objWorksheet->getCellByColumnAndRow(1,21)->getValue();
$transport_mode = $objWorksheet->getCellByColumnAndRow(5,21)->getValue();
$country_of_trade = $objWorksheet->getCellByColumnAndRow(1,23)->getValue(); 
$hs_code_description = $objWorksheet->getCellByColumnAndRow(1,26)->getValue();
$product_description = $objWorksheet->getCellByColumnAndRow(1,28)->getValue();

$insertquery="INSERT INTO tb_peru_data
    (importer_name,exporter_name,product_quantity_unit,
    product_fob_unit,product_quantity,product_fob_value,
   product_gross_weight,product_cif_value,
   product_net_weight,product_cif_unit_price,
   product_brand,shipping_hs_code,shipping_date,
   shipping_customs,shipping_transport_company,
   shipping_country_of_origin,shipping_transport_mode,
   shipping_country_of_trade,hs_code_description,
   product_description) 
    VALUES
('$importer_name','$exporter_name','$prod_quantity_unit',
   '$prod_fob_unit','$prod_quantity','$prod_fob_value',
   '$prod_gross_waight','$prod_cif_value','$prod_net_weight',
   '$prod_cif_unit_price','$prod_brand','$hs_code','$shipping_date',
   '$customs','$transport_company','$country_of_origin',
   '$transport_mode','$country_of_trade',
   '$hs_code_description','$product_description')";

      mysql_query($insertquery)or die('ErrorrPERU: '.mysql_error());
     /*$del="DELETE * FROM tb_excel_file";
     mysql_query($del);*/

?>

This does not work, and gives the following error:

you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's','12U','6','9','54', '34.83','55.5','31.83','6.17','','7323931000','2008/04/1' at line 3

Answer 1

Use mysqli_real_escape_string instead of deprecated mysql_real_escape_string This function will force you to input mysql table / database. This way your collation will be considered while escaping

Answer 2

You can use real_escape_string() in PHP. You need to escape the apostrophe (that is, tell SQL that the apostrophe is to be taken literally and not as the beginning or end of a string). To add more, I'd say that you can also use PDO, but consider using addslashes($string) and stripslashes($string).