-6

I have a problem with quotes. I can't use " or ' for $gname. What can I do about this?

```php
$new_post = array( 'post_content' => ' ..CODES.. $result = mysqli_query($con,"SELECT * FROM wp_games WHERE name = $gname "); ..CODES..
```

I'm trying to create a post on WordPress. I have a plugin to use PHP in posts; [insert_php] is this plugin. I also can't use quotes like \" ... \". Here is more code.

```php
$new_post = array(
'post_content' => '[insert_php]$con=mysqli_connect("localhost","root","","wordpress");
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM wp_games WHERE name = '$gname' ");
while($row = mysqli_fetch_assoc($result)) {
    echo $row["name"];
}

mysqli_close($con);
[/insert_php]',
```
ChrisF
Naim Berk Tumer
  • That is broken on so many levels - very messy and prone to rampant PHP and/or SQL injection. In any case, see [PHP strings](http://php.net/manual/en/language.types.string.php) for how quotes can be escaped in a PHP-string context. (Where, like a bad remake of Inception, the inner string literal is two levels deep..) – user2864740 Oct 04 '14 at 22:25
  • Post your actual code, I don't help to answer pseudos, it just keeps us guessing till the cows come home. – Funk Forty Niner Oct 04 '14 at 22:25
  • http://stackoverflow.com/help/how-to-ask – Funk Forty Niner Oct 04 '14 at 22:27
  • Also, "I have a plugin to use php on posts" <- please don't do that, either; it sounds like a recipe for disaster. Wordpress has enough security holes of its own without making it even easier to `eval()` code. – IMSoP Oct 04 '14 at 22:43

1 Answer

0

You can create a single quote using chr(39) and append it to the string. You should also escape the contents of $gname:

```php
mysqli_query($con,"SELECT * FROM wp_games WHERE name = " . chr(39) . mysqli_real_escape_string($con, $gname) . chr(39));
```
AlliterativeAlice
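An added example, not part of the question or the answer above: one way to avoid both the nested-quote problem and the SQL injection raised in the comments is to write the embedded code as a nowdoc and pass the name to the query as a bound parameter. The function name `build_game_post_content` and the `__GNAME_B64__` placeholder are hypothetical, and the sketch assumes the [insert_php] plugin evaluates the block as ordinary PHP; the connection values and table name are the ones from the question.

```php
<?php
// Added example (hypothetical helper, not the asker's or answerer's code).
// Builds the post body that the [insert_php] plugin is assumed to evaluate.
function build_game_post_content(string $gname): string
{
    // Nowdoc (<<<'CODE'): nothing inside is interpolated or needs escaping,
    // so the embedded code can use " and ' freely.
    $template = <<<'CODE'
[insert_php]
$con = mysqli_connect("localhost", "root", "", "wordpress");
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {
    $name = base64_decode("__GNAME_B64__");
    // The name is bound as a parameter, never concatenated into the SQL text.
    $stmt = mysqli_prepare($con, "SELECT name FROM wp_games WHERE name = ?");
    mysqli_stmt_bind_param($stmt, "s", $name);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $found);
    while (mysqli_stmt_fetch($stmt)) {
        echo htmlspecialchars($found);
    }
    mysqli_stmt_close($stmt);
    mysqli_close($con);
}
[/insert_php]
CODE;
    // Base64 output contains only A-Z, a-z, 0-9, +, / and =, so the value
    // cannot close a string literal or the [insert_php] block, whatever
    // characters the game name contains.
    return str_replace('__GNAME_B64__', base64_encode($gname), $template);
}

// Constructed sample input containing both quote characters.
$gname = 'Tom "T" O\'Neil';
$new_post = array('post_content' => build_game_post_content($gname));
echo $new_post['post_content'], "\n";
```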