I am trying to build a small blog application using vibe.d. I have a form at this address:
http://localhost:8888/gönderiler/oluştur
The user inputs a post title and body. Then this information is stored in a database. So far so good.
Let's say the user inputs a string with a quotation mark like this:
deneme'miz
Then the SQL query becomes like this:
INSERT INTO gonderiler (kullanici_no, baslik, icerik, created_at, updated_at) VALUES (1, 'Deneme', 'deneme'miz', '2017-09-25 12:29:30', '2017-09-25 12:29:30')
As you can see, there are 3 quotation marks.
auto başlık = this.başlık_.replace("'","\'");
auto içerik = this.içerik_.replace("'","\'");
logInfo("%s %s", başlık, içerik);
auto sqlKomutu = "INSERT INTO gonderiler (kullanici_no, baslik, icerik, created_at, updated_at) VALUES (1, '"
~ başlık ~
"', '"
~içerik ~
"', '"
~ zaman ~
"', '"
~ zaman ~
"')";
I tried to replace ' characters with \' but I think it doesn't work.
A friend of mine suggested using these characters.
merhaba "dünya"
But this time I get an error like this:
MySQL error: Unknown column 'deneme' in 'field list'
Update: solved
I put double quotation marks as suggested.
auto başlık = this.başlık_.replace("'",`''`);
auto içerik = this.içerik_.replace("'",`''`);
Put another quotation mark next to it, like so:
'deneme''miz'
If that doesn't work, just put double quotation marks:
"deneme'miz"
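An alternative to escaping quotes by hand, as an added example that is not part of the original thread: binding the values through placeholders keeps user text out of the SQL string entirely. It assumes Python with an in-memory SQLite database as a stand-in for the D/MySQL stack in the question; the table and the input `deneme'miz` are taken from the question, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample input: the value from the question that broke the query.
TITLE = "Deneme"
BODY = "deneme'miz"
NOW = "2017-09-25 12:29:30"

SCHEMA = """CREATE TABLE gonderiler (
    kullanici_no INTEGER, baslik TEXT, icerik TEXT,
    created_at TEXT, updated_at TEXT)"""


def open_db():
    """In-memory SQLite database standing in for the MySQL one (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def insert_concatenated(conn, title, body, now):
    """The question's approach: user text is spliced into the SQL string."""
    sql = ("INSERT INTO gonderiler (kullanici_no, baslik, icerik, created_at, "
           "updated_at) VALUES (1, '" + title + "', '" + body + "', '"
           + now + "', '" + now + "')")
    conn.execute(sql)


def insert_parameterized(conn, title, body, now):
    """Placeholders keep the SQL text fixed; the values travel separately."""
    conn.execute(
        "INSERT INTO gonderiler (kullanici_no, baslik, icerik, created_at, "
        "updated_at) VALUES (?, ?, ?, ?, ?)",
        (1, title, body, now, now))


def demo():
    conn = open_db()
    try:
        insert_concatenated(conn, TITLE, BODY, NOW)
        concatenated_ok = True
    except sqlite3.Error:
        concatenated_ok = False  # the stray quote ends the string literal early
    insert_parameterized(conn, TITLE, BODY, NOW)
    stored = [row[0] for row in conn.execute("SELECT icerik FROM gonderiler")]
    return concatenated_ok, stored
```

Calling `demo()` shows the concatenated insert being rejected while the parameterized insert stores the text with its quotation mark unchanged.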