I'm designing a website that takes user input from a <textarea></textarea> and enters the input into a database. Everything works except when the user has double quotes (") in his/her message. (The name of the table that I want to add to is alluserposts.)
What I have so far is the following:
from index.php:
<form action="insert2.php" method="post"><textarea name="user_post" rows="6" cols="35"></textarea></form>
from insert2.php:
mysql_query("INSERT INTO alluserposts (post_value) VALUES(" . "\"" . $_POST['user_post'] . "\")" ,$db) or die(mysql_error($db));
I want the user to be able to input any character. How can I do that?
PHP double quotes in input
- jankidudel
- Forum Commoner
- Posts: 91
- Joined: Sat Oct 16, 2010 4:30 pm
- Location: Lithuania, Vilnius
Re: PHP double quotes in input
Have you tried to use some function like mysql_real_escape_string?
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: PHP double quotes in input
You must _always_ use mysql_real_escape_string() to clean user input for MySQL queries. Not doing so introduces problems like the one you're experiencing now, and a more dangerous issue called "SQL Injection".
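
The insert from the question next to a parameterized version, as an added example that is not code from any poster in this thread. The mysql_* functions, mysql_real_escape_string() included, were removed in PHP 7.0, so the example swaps in a PDO prepared statement, which keeps the input out of the SQL text altogether. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, and the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumption: in-memory SQLite stands
// in for the poster's MySQL server so this runs offline; for MySQL only the DSN
// changes, e.g. 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4' (placeholders).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE alluserposts (id INTEGER PRIMARY KEY, post_value TEXT)');

// The question's approach: raw input pasted between double quotes.
function insert_concatenated(PDO $pdo, string $post): bool
{
    try {
        $pdo->exec('INSERT INTO alluserposts (post_value) VALUES("' . $post . '")');
        return true;
    } catch (PDOException $e) {
        return false; // the quote in the input ended the string literal early
    }
}

// Parameterized form: fixed statement text, input bound as a value.
function insert_prepared(PDO $pdo, string $post): int
{
    $stmt = $pdo->prepare('INSERT INTO alluserposts (post_value) VALUES (:post)');
    $stmt->execute([':post' => $post]);
    return (int) $pdo->lastInsertId();
}

function read_post(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT post_value FROM alluserposts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed inputs standing in for $_POST['user_post'].
$samples = [
    'She said "hello" to me',
    "It's 5 o'clock; path is C:\\temp\\notes",
    "Line one\nLine two with \"both\" 'kinds' of quotes",
];

$ok = insert_concatenated($pdo, $samples[0]);
echo 'concatenated insert: ', $ok ? 'stored' : 'rejected with a syntax error', "\n";

foreach ($samples as $post) {
    $id = insert_prepared($pdo, $post);
    $same = read_post($pdo, $id) === $post;
    echo "prepared insert #$id: ", $same ? 'stored unchanged' : 'ALTERED', "\n";
}
```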