I have a form that accepts a few names and phone numbers and posts them to a PHP script which then inserts those values into a MySQL table. The code (PHP) is pretty straightforward as you can see here:
$sql = "INSERT INTO Contact_table (PHONE, NAME) VALUES ";
for ($i = 0; $i < $arr; ++$i){
$sql .= "('".$numbers[$i]."', '".$names[$i]."'),";
}
$sql = substr($sql, 0, -1)." ON DUPLICATE KEY UPDATE name = COALESCE(VALUES(name), name);";
$connect = dbconn(PROJHOST,PROJDB,PROJDBUSER,PROJDBPWD);
$query = $connect->query($sql);
$connect = NULL;
And this works perfect except that it refuses to accept any names like O'Hara or D'Souza. I am vaguely aware of PDO's prepared statement having some use in this scenario but I couldn't make it work. What I tried was this:
$query = $connect->prepare($sql);
$query->execute();
Instead of this:
$query = $connect->query($sql);
Any hints? What am I missing?