allowing ' in mysql

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tomsace
Forum Contributor
Posts: 167
Joined: Thu Jan 01, 2009 8:07 pm

allowing ' in mysql

Post by tomsace »

I have a php page to add my records into a mysql database. But if I write something such as "here's dad" it wont allow it because of the '. How can I allow this ' symbol when entering results into mysql?

I use this code to set what is entered into my database...

Code: Select all

$sql = "INSERT INTO $db_table(id, idname)
VALUES('','$_POST[id]', '$_POST[idname]')";
if($result = mysql_query($sql ,$db)) {
echo '<center><h1>Thank you</h1>Your information has been entered into our database';
}
And I simply use input forms to enter the data and name them 'idname' 'title'. Here's an example..

Code: Select all

<input type="text" name="idname" class="input" size="29">
Any help will be much apprechiated.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: allowing ' in mysql

Post by John Cartwright »

You should always pass your data through mysql_real_escape_string() to prevent quotes, among other nasty characters, from being injected maliciously, on purpose or not.
Post Reply