Example:
A user would like to add a description of themselves into a text box on a form. On pressing submit, the form variables are passed, using POST, to a PHP script that does the following:
Code:
<?php
// Request values are interpolated into the SQL string without any escaping
$sql_statement = "insert into people (username,description) values ('{$_POST['username']}','{$_POST['description']}')";
// execution of mysql statement
?>
Hi my name is Bob
Then the sql would be:
Code:
insert into people (username,description) values ('Bob','Hi my name is Bob')
However, if the description was:
Hi, I'm Bob
sql would be:
Code:
insert into people (username,description) values ('Bob','Hi I'm Bob')
What's the easiest way around this?
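The failure described in the post, next to a parameterized version of the same insert, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database standing in for MySQL (with MySQL only the DSN changes); `$post` is constructed sample input and `add_person` is a hypothetical helper.

```php
<?php
// Added example. Table and column names follow the post; SQLite in memory
// stands in for MySQL (assumption) so the script runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (username TEXT, description TEXT)');

// Constructed sample input standing in for $_POST.
$post = ['username' => 'Bob', 'description' => "Hi, I'm Bob"];

// 1) String-built statement, as in the post: the apostrophe in the
//    description closes the SQL string literal early, so the statement
//    no longer parses. The same construction lets input change the query.
$unsafe = "insert into people (username,description) values "
        . "('{$post['username']}','{$post['description']}')";
try {
    $pdo->exec($unsafe);
    echo "string-built: inserted\n";
} catch (PDOException $e) {
    echo "string-built: rejected (", $e->getMessage(), ")\n";
}

// 2) Prepared statement: the SQL text is fixed and the values are bound
//    separately, so quotes in the input are stored as ordinary characters.
function add_person(PDO $pdo, string $username, string $description): void
{
    $stmt = $pdo->prepare(
        'insert into people (username,description) values (:username, :description)'
    );
    $stmt->execute([':username' => $username, ':description' => $description]);
}

add_person($pdo, $post['username'], $post['description']);
// Several quote characters in one value are handled the same way.
add_person($pdo, 'Ann', 'She said "it\'s fine" and left');

// Read the rows back: both descriptions are stored exactly as entered.
foreach ($pdo->query('select username, description from people') as $row) {
    echo $row['username'], ': ', $row['description'], "\n";
}
```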