• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

MySQL Escaping Query

silence

Well-known member
#1
So I'm having a predicament, and I'm pulling my hair out because of it.
See this snippit uhhh-here

PHP:
        $query = $db->fetchAll('SELECT * FROM `xf_teamspeak`');

        foreach ($query as $user)
        {
            $id = array($user['auth_id']);
            if ($this->isJson($id))
            {
                $auth_id = json_encode($id);
            }
            else
            {
                $auth_id = reset($id);
            }
            $db->query('UPDATE `xf_teamspeak` SET `auth_id` = ' . $db->quote($auth_id) . ' WHERE `user_id` = "' . $user['user_id'] . '"');
            $db->query('INSERT INTO `xf_teamspeak_log` (`user_id`, `auth_id`) VALUES("' . $user['user_id'] . '","' . $user['auth_id'] . '")');
        }
I'm trying to query a json_encoded string to the db, however it spits out this error:
PHP:
Mysqli prepare error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'mvr5e2Xia3JXqy+rTMAAQM9RLZA=","sadfsa3241321d21","fdsafdsafdsa"]")' at line 1
Now, I've tried using single quotes, double quotes, querying using parameters at the end (C style), and I simply cannot figure out why it won't let me do this query. I'm able to do it manually when querying directly in the MySQL database, so I would be invigorated if someone could help me out!

Thanks!
 

Jeremy

Well-known member
#2
The error exists in your values. You have:
VALUES("USERID", "AUTH_ID").

Its evaluating to:
VALUES("mvr5e2Xia3JXqy+rTMAAQM9RLZA=","sadfsa3241321d21","fdsafdsafdsa"]")

Your auth_id needs properly escaped.
 

silence

Well-known member
#3
The error exists in your values. You have:
VALUES("USERID", "AUTH_ID").

Its evaluating to:
VALUES("mvr5e2Xia3JXqy+rTMAAQM9RLZA=","sadfsa3241321d21","fdsafdsafdsa"]")

Your auth_id needs properly escaped.
I thought the $db->quote() did that. Also it's cutting off the string for some reason. The full string is:
["mvr5e2Xia3JXqy+rTMAAQM9RLZA=","sadfsa3241321d21","fdsafdsafdsa"]