Error when ' in the sql insert
Posted: Tue Aug 31, 2004 8:55 pm
IN my forums if their is a ' in the subject it will add it to the db. However it will now allow people to post a reply. this is the error i get
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'm not one to complain..','1')' at line 2
This is my code..
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'm not one to complain..','1')' at line 2
This is my code..
Code: Select all
<?php
$sql = "SELECT subject FROM topics WHERE tid='{$_POST['newtid']}'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$subject = $row['subject'];
$subject = "RE:".$subject;
$sql = "INSERT INTO threads (tid,author,body,date,subject,forum_id) VALUES
('$newtid','$name','$body','$date','$subject','$fid')";
mysql_query($sql,$con) or die(mysql_error());
mysql_close();
?>