php - Multiple insert into from loop with check on existing field -

i have read lots of forum threads , unable solve problem.

i'm parsing xml file in foreach loop , want parsed content inserted in database table.

all working fine have problem while inserting in database. here's code make "understandable" :

// create connection  $conn = new mysqli($servername, $username, $password, $dbname);  // check connection  if ($conn->connect_error) {     die("connection failed: " . $conn->connect_error); }       foreach ($articles->article $article) {         $article_title = $article->title;         $article_alias = $article->alias;         ...         $all_articles .= "('default','$article_title','$article_alias'),";     }  $all_articles = rtrim($all_articles, ',');  $query = "insert my_table (id,title, alias,) values $all_articles"; 

my id field unique , auto increment. want check if alias field exists, update or create new row.

i checked on duplicate key update , replace, doesn't fit needs since performs duplicate check on unique keys, or alias field isn't , can't change it.

last thing i'm testing right make select before insert condition @ alias field.

i want ask question here, and, if can answer it, you'll find answer of own question: happen if:

1. $article_title or $article_alias contain, hm, let's "ymas's lazy programming skills"?

let me - sql syntax error, because on line:

 $all_articles .= "('default','$article_title','$article_alias'),"; 

you not escape variables. bingo, mysql insert failed.

rule number 1: always, handle input data before insert/update/delete - i.e. either using pdo , prepared statements (best), or old-and-flawed mysqli_real_escape_string() function.