Open christophmayrhofer opened 3 years ago
I'm also having the same problem. Was trying to insert the following:
{"type":"NAIL_POLISH","size":"8 ml (Pack of 25)","color":"Ladies' day","productGroup":"Beauty","itemLength":225,"itemWidth":143,"part_type":"LMPL-SET"}
The single quote in the Ladies' day
is causing a problem but when I tried it using usual means it worked:
$array = [
'type' => 'NAIL_POLISH',
'size' => '8 ml (Pack of 25)',
'color' => "Ladies' day",
'productGroup' => 'Beauty',
'itemLength' => '225',
'itemWidth' => '143',
'part_type' => 'LMPL-SET',
];
$str = json_encode($array);
DB::table('test_table')
->insert([
'json_str' => $str,
]);
return 'ok';
This really needs fixing.
caused by here
mysql requires \\ to escape " in a query
the correct query should be:
but running this:
results in this (invalid) query:
Another concern: The code uses string concatenation to create the when then query. Isn't this a risk for SQL injections? Why doesn't it a parameterized query?