Re: When a string has an apostrophe ' it is not properly read
Posted: Wed Mar 10, 2010 12:50 am
The security risk you are referring to is called SQL Injection.
Assuming that you're using MySQL, you can avoid it by sanitizing your database inputs with the mysql_real_escape_string() function. A similar function exists for the MySQLi extension. Take the following code for example:

$chat = "what's your name?";
$sanitizedchat = mysql_real_escape_string($chat);

The $sanitizedchat variable will now have all of its potentially dangerous characters escaped, so that you can safely insert it into your database.
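As an added example (not code from the post above), here is the same input handled with the MySQLi extension the reply mentions, showing the escaping approach beside a prepared statement, which keeps the value out of the SQL text entirely. The connection details and the `chat_messages` table are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Assumes a MySQLi connection
// and a hypothetical table `chat_messages(id, message)`.
$chat = "what's your name?";

$db = new mysqli('localhost', 'user', 'password', 'chatdb');
if ($db->connect_error) {
    die('Connection failed: ' . $db->connect_error);
}

// 1) Unsafe: the apostrophe in $chat ends the string literal early, so the
//    query is malformed, and untrusted input can change what the query means.
// $db->query("INSERT INTO chat_messages (message) VALUES ('$chat')");

// 2) Escaping, as in the reply, using the MySQLi equivalent. It must run on
//    the live connection so the escaping matches the connection's charset.
$sanitizedchat = $db->real_escape_string($chat);
$db->query("INSERT INTO chat_messages (message) VALUES ('$sanitizedchat')");

// 3) Prepared statement: the value is bound as a parameter and never parsed
//    as part of the SQL, so quoting is not the application's problem.
$stmt = $db->prepare('INSERT INTO chat_messages (message) VALUES (?)');
$stmt->bind_param('s', $chat);
$stmt->execute();
$stmt->close();

$db->close();
```

Note that the old mysql_* extension (including mysql_real_escape_string()) was removed in PHP 7, so on current PHP the MySQLi or PDO forms above are the ones that still work.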