1

Can't believe there are no questions like this... Must be something really simple, but I spend 2 days trying to figure this one out.

I have a table and one of the coloumns has values in a JSON format. In PHP my syntax is like this (it's in a class function):

$sql = "INSERT INTO users.users (username, class, settings, email, password) VALUES ($this->username, $this->class, ".json_encode($this->settings).", $this->email, $this->hashpwd);";
        $STH = $DBH->prepare($sql);
        $STH->execute();

However this one of course breaks because JSON format contains commas and these commas are also separating the Insert values, so it breaks the query. And escape functions (like PDO->quote or mysqli_real_escape_string) don't escape commas either.

Error I am getting is of course:

...You have an error in your SQL syntax; 
check the manual that corresponds to
your MySQL server version for the right
syntax to use near 
'"usersetting1":"value","usersetting2":"value"}, [email protected], 712985cc'...

So is there any way to do this or do I have to use some kind of alt syntax for the query?

Improve this question

1 Answer 1

Reset to default
2

Try this:

$sql = "INSERT INTO users.users (username, class, settings, email, password) VALUES (:username, :class, :json, :email, :password);";
    $STH = $DBH->prepare($sql);
    $STH->bindParam(':username', $this->username);
    $STH->bindParam(':class', $this->class);
    $STH->bindParam(':json', json_encode($this->settings));
    $STH->bindParam(':email', $this->email);
    $STH->bindParam(':password', $this->hashpwd);
    $STH->execute();
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Worked perfectly, thanks. So In that sense binding parameters is the only way to do this?
It is the recommended, safest way and saves you from SQL injection. You should always use binding parameters.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.