PHP double quotes in input

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
sshaham1
Forum Newbie
Posts: 2
Joined: Sun Jan 16, 2011 10:09 am

PHP double quotes in input

Post by sshaham1 »

I'm designing a website that takes user input from in a <textarea></textarea> and enters the input into a database. Everything works besides if the user has double quotes (") in his/her message. (the name of the table that I want to add to is alluserposts)

What i have so far is the following:
from index.php:
<form action="insert2.php" method="post"><textarea name="user_post" rows="6" cols="35"></textarea></form>

from insert2.php:
mysql_query("INSERT INTO alluserposts (post_value) VALUES(" . "\"" . $_POST['user_post'] . "\")" ,$db) or die(mysql_error($db));

I want the user to be able to input any character. How can i do that?
jankidudel
Forum Commoner
Posts: 91
Joined: Sat Oct 16, 2010 4:30 pm
Location: Lithuania, Vilnius

Re: PHP double quotes in input

Post by jankidudel »

Have you tried to use some function like mysql_real_escape_string ?
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: PHP double quotes in input

Post by Jonah Bron »

You must _always_ use mysql_real_escape_string() to clean user input for MySQL queries. Not doing so introduces problems like the one you're experiencing now, and a more dangerous issue called "SQL Injection".
Post Reply