I am using PHp to insert data into a mysql table. as follows
$query = "INSERT INTO database (category, catname, active) VALUES('$category', '$catname', '$active' ) ";
The problem is if the variable catname contains quotes (for example - LAST YEAR'S STOCK -) I get mysql errors.
Any suggestions?
Embedded quotes
Moderator: General Moderators
Re: Embedded quotes
There are 10 types of people in this world, those who understand binary and those who don't
Re: Embedded quotes
My bad.VladSun wrote:Better:
http://bg.php.net/mysql_real_escape_string
However I had problems with ' before I added these lines:
Code: Select all
if(get_magic_quotes_gpc()) {
$name = stripslashes($name);
}