I have a form that submits data from the form fields into a MySQL database. People's names may contain an apostrophe so when they enter that, I want it to store the result just like any other. At the moment, my script puts a slash in front of the apostrophe when it stores it. Here's my code:
Code: Select all
<?php
$date=date("d-m-Y");
$database_name = "my_database";
$dbh = mysql_connect("localhost","username","password");
if (!mysql_select_db($database_name)) {
echo "Unable to select "$database_name" database";
}
$first_name = ltrim(rtrim(strip_tags(addslashes($_POST['first_name']))));
$last_name = ltrim(rtrim(strip_tags(addslashes($_POST['last_name']))));
$birth_year = ltrim(rtrim(strip_tags(addslashes($_POST['birth_year']))));
$email = ltrim(rtrim(strip_tags(addslashes($_POST['email']))));
$address = ltrim(rtrim(strip_tags(addslashes($_POST['address']))));
$city = ltrim(rtrim(strip_tags(addslashes($_POST['city']))));
$state_province = ltrim(rtrim(strip_tags(addslashes($_POST['state_province']))));
$country = ltrim(rtrim(strip_tags(addslashes($_POST['country']))));
$zip = ltrim(rtrim(strip_tags(addslashes($_POST['zip']))));
$continent = ltrim(rtrim(strip_tags(addslashes($_POST['continent']))));
$phone = ltrim(rtrim(strip_tags(addslashes($_POST['phone']))));
$major_city = ltrim(rtrim(strip_tags(addslashes($_POST['major_city']))));
$faves = ltrim(rtrim(strip_tags(addslashes($_POST['faves']))));
$comments = ltrim(rtrim(strip_tags(addslashes($_POST['comments']))));
// VALIDATION
if(empty($first_name) || empty($last_name) || empty($email) || empty($address) || empty($city) || empty($country) || empty($zip) || empty($continent)) {
echo "<span class="error">Error!</span><br><br>You have not filled in all the required fields.<br><br><a href="javascript:history.go(-1)">Click here to go back to the form.</a>";
}
elseif(!ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
echo "<span class="error">Error!</span><br><br>The email address you have entered is invalid.<br><br><a href="javascript:history.go(-1)">Click here to go back to the form.</a>";
}
else {
$sql = "insert into street_team (date, first_name, last_name, birth_year, email, address, city, state_province, country, zip, continent, phone, major_city, faves, comments)
values ('$date', '$first_name', '$last_name', '$birth_year', '$email', '$address', '$city', '$state_province', '$country', '$zip', '$continent', '$phone', '$major_city', '$faves', '$comments')";
$res = mysql_query($sql,$dbh);
if (!$res) {
echo mysql_errno().": ".mysql_error ()."";
return 0;
}
echo "<span class="confirmation">Success!</span><br><br>You are now a member of the Street Team."; }
?>