When a string has an apostrophe ' it is not properly read

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Griven
Forum Contributor
Posts: 165
Joined: Sat May 09, 2009 8:23 pm

Re: When a string has an apostrophe ' it is not properly read

Post by Griven »

The security risk you are referring to is called SQL Injection.

Assuming that you're using MySQL, you can avoid it by sanitizing your database inputs with the mysql_real_escape_string() function. A similar function exists for the MySQLi extension. Take the following code for example:

// needs an open MySQL connection to escape for its character set (placeholder credentials)
$link = mysql_connect('localhost', 'db_user', 'db_password');
$chat = "what's your name?";
$sanitizedchat = mysql_real_escape_string($chat, $link);
The $sanitizedchat variable will now have all of its potentially dangerous characters escaped, so that you can safely insert it into your database.
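An added example, not part of Griven's post: the `mysql_*` extension (and with it `mysql_real_escape_string()`) was removed in PHP 7.0, so on current PHP the way to keep an apostrophe from breaking or altering a query is a prepared statement, where the SQL text and the data are sent separately. The script below uses PDO with an in-memory SQLite database so it runs offline; the DSN, table name and sample message are assumptions, and the same code runs against MySQL once the DSN points at it. It first shows the failure the thread describes (the apostrophe in "what's your name?" closes the string literal early) and then the prepared-statement version storing and reading the value back intact.

```php
<?php
// Added example, not from the original post. PDO with in-memory SQLite so
// it runs without a server; use a DSN such as "mysql:host=localhost;dbname=app"
// to run the same code against MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE chat (id INTEGER PRIMARY KEY, message TEXT)');

// constructed sample input containing an apostrophe (taken from the thread)
$chat = "what's your name?";

// 1. Naive string building: the apostrophe terminates the SQL literal early,
//    leaving "s your name?')" as stray SQL. Here that is only a syntax error,
//    but input reaching the query this way can also change what it does.
try {
    $db->exec("INSERT INTO chat (message) VALUES ('$chat')");
    echo "naive insert unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "naive insert failed as expected: " . $e->getMessage() . "\n";
}

// 2. Prepared statement: the query is compiled with a placeholder and the
//    value is bound afterwards, so the apostrophe is stored as data and can
//    never be parsed as part of the statement.
$stmt = $db->prepare('INSERT INTO chat (message) VALUES (:message)');
$stmt->execute([':message' => $chat]);

// 3. Read it back and confirm the stored text matches the input exactly.
$row = $db->query('SELECT message FROM chat')->fetch(PDO::FETCH_ASSOC);
if ($row['message'] === $chat) {
    echo "prepared insert stored the apostrophe intact\n";
} else {
    echo "mismatch: stored " . var_export($row['message'], true) . "\n";
}
```

Run it with `php example.php`; the first insert reports a syntax error and the second stores the message unchanged. If an application cannot move to prepared statements, the mysqli equivalent of the function in Griven's post is `$mysqli->real_escape_string($chat)`, which likewise needs an open connection so it can escape according to the connection's character set.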