Question

I'm trying to update a Joomla Module with PHP, however the parameters field is full of quotes and single quotes.

Here is the raw MySQL query. How could I make this work in PHP, with all of the quotes and single quotes in the query?

UPDATE `xxyyzz_modules` 
SET `params` = '{"moduleclass_sfx":"","loadJQuery":"1","tableType":"datatable","theme":"ui-lightness","source":"sql","title":"","className":"arttable_table","tablecode":"","sqlQuery":"SELECT * FROM `xxyyzz_dtregister_paymentdetailsuser` WHERE datetime between ''2014\\/02\\/16'' and ''2014\\/03\\/02''","csscode":"","connectionString":"","csvFile":"","csvDelimiter":",","convertLinks":"2","linkConversionPattern":"TITLE|URL","linksNofollow":"0","linksNewWindow":"0","showFirstLink":"0","searchText":"Search:","searchSize":"15","headerStyle":"","cellStyle":"","excel":"","chartType":"LineChart","chartLeftHeader":"","xAxis":"","yAxis":"","chartWidth":"1100","chartHeight":"300","hideTable":"1","module_tag":"div","bootstrap_size":"0","header_tag":"h3","header_class":"","style":"0"}' 
WHERE `id` =140;
Was it helpful?

Solution

You need to escape whichever type of quotes you're using to delimit the PHP string.

$sql = 'UPDATE `xxyyzz_modules`
        SET `params` = \'{"moduleclass_sfx":"","loadJQuery":"1","tableType":"datatable","theme":"ui-lightness","source":"sql","title":"","className":"arttable_table","tablecode":"","sqlQuery":"SELECT * FROM `xxyyzz_dtregister_paymentdetailsuser` WHERE datetime between \'\'2014\\/02\\/16\'\' and \'\'2014\\/03\\/02\'\'","csscode":"","connectionString":"","csvFile":"","csvDelimiter":",","convertLinks":"2","linkConversionPattern":"TITLE|URL","linksNofollow":"0","linksNewWindow":"0","showFirstLink":"0","searchText":"Search:","searchSize":"15","headerStyle":"","cellStyle":"","excel":"","chartType":"LineChart","chartLeftHeader":"","xAxis":"","yAxis":"","chartWidth":"1100","chartHeight":"300","hideTable":"1","module_tag":"div","bootstrap_size":"0","header_tag":"h3","header_class":"","style":"0"}\'
        WHERE `id` =140;';

or

$sql = "UPDATE `xxyyzz_modules`
        SET `params` = '{\"moduleclass_sfx\":\"\",\"loadJQuery\":\"1\",\"tableType\":\"datatable\",\"theme\":\"ui-lightness\",\"source\":\"sql\",\"title\":\"\",\"className\":\"arttable_table\",\"tablecode\":\"\",\"sqlQuery\":\"SELECT * FROM `xxyyzz_dtregister_paymentdetailsuser` WHERE datetime between ''2014\\\\/02\\\\/16'' and ''2014\\\\/03\\\\/02''\",\"csscode\":\"\",\"connectionString\":\"\",\"csvFile\":\"\",\"csvDelimiter\":\",\",\"convertLinks\":\"2\",\"linkConversionPattern\":\"TITLE|URL\",\"linksNofollow\":\"0\",\"linksNewWindow\":\"0\",\"showFirstLink\":\"0\",\"searchText\":\"Search:\",\"searchSize\":\"15\",\"headerStyle\":\"\",\"cellStyle\":\"\",\"excel\":\"\",\"chartType\":\"LineChart\",\"chartLeftHeader\":\"\",\"xAxis\":\"\",\"yAxis\":\"\",\"chartWidth\":\"1100\",\"chartHeight\":\"300\",\"hideTable\":\"1\",\"module_tag\":\"div\",\"bootstrap_size\":\"0\",\"header_tag\":\"h3\",\"header_class\":\"\",\"style\":\"0\"}'
        WHERE `id` =140";

Or use a here-doc:

$sql = <<'EOS'
       UPDATE `xxyyzz_modules`
       SET `params` = '{"moduleclass_sfx":"","loadJQuery":"1","tableType":"datatable","theme":"ui-lightness","source":"sql","title":"","className":"arttable_table","tablecode":"","sqlQuery":"SELECT * FROM `xxyyzz_dtregister_paymentdetailsuser` WHERE datetime between ''2014\\/02\\/16'' and ''2014\\/03\\/02''","csscode":"","connectionString":"","csvFile":"","csvDelimiter":",","convertLinks":"2","linkConversionPattern":"TITLE|URL","linksNofollow":"0","linksNewWindow":"0","showFirstLink":"0","searchText":"Search:","searchSize":"15","headerStyle":"","cellStyle":"","excel":"","chartType":"LineChart","chartLeftHeader":"","xAxis":"","yAxis":"","chartWidth":"1100","chartHeight":"300","hideTable":"1","module_tag":"div","bootstrap_size":"0","header_tag":"h3","header_class":"","style":"0"}'
       WHERE `id` =140;
EOS;

OTHER TIPS

Rather than escaping the string manually:

$json = '{"moduleclass_sfx":"","loadJQuery":"1","tableType":"datatable","theme":"ui-lightness","source":"sql","title":"","className":"arttable_table","tablecode":"","sqlQuery":"SELECT * FROM `xxyyzz_dtregister_paymentdetailsuser` WHERE datetime between ''2014\\/02\\/16'' and ''2014\\/03\\/02''","csscode":"","connectionString":"","csvFile":"","csvDelimiter":",","convertLinks":"2","linkConversionPattern":"TITLE|URL","linksNofollow":"0","linksNewWindow":"0","showFirstLink":"0","searchText":"Search:","searchSize":"15","headerStyle":"","cellStyle":"","excel":"","chartType":"LineChart","chartLeftHeader":"","xAxis":"","yAxis":"","chartWidth":"1100","chartHeight":"300","hideTable":"1","module_tag":"div","bootstrap_size":"0","header_tag":"h3","header_class":"","style":"0"}' 

$sql = "UPDATE `xxyyzz_modules` 
SET `params` = '" . mysqli_real_escape_string($json) . "'
WHERE `id` =140";
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top