I'm trying to put a few input fields into a database at the moment, and it has all been working till recently, I've uploaded it all to the server and mod_security is rearing its head.
After spending all morning trying to get addslashes() and mysql_real_escape_string() working, I've realised the word 'from' which appears in the input text is messing the whole thing up, including it gives the error everytime, and excluding it means the program will run fine.
Where am I going wrong?
Here's my code..
Code: Select all
//take out text from form
$article = $_POST['article'];
//replace MS word chars with apostrophe's and add slashes
$newArticle = addslashes(str_replace("’","'",$article));
//sql
$query = "INSERT INTO newsletter (date,article...) VALUES ('" . $date . "' , '" . $newArticle . "')";Thanks in advance, and any help much appreciated. Cheers!