Quotation Marks in Forms into SQL
Posted: Mon Mar 31, 2003 4:59 am
I'm probably missing something really easy here, but I've had a problem with ' for a number of years, and it really is starting to be a problem as I develop larger, more public sites.
Example:
A user would like to add a description of themselves into a text box on a form. On pressing submit, the form variables are passed, using POST, to a PHP script that does the following:
Code: Select all
<?php
// Form values are placed directly into the SQL string
$sql_statement = "insert into people (username,description) values ('{$_POST['username']}','{$_POST['description']}')";
// execution of mysql statement
?>
Now if the description were:
Hi my name is Bob
Then the sql would be:
Code: Select all
insert into people (username,description) values ('Bob','Hi my name is Bob')
So no problem there...
However, if the description was:
Hi, I'm Bob
Then the sql would be:
Code: Select all
insert into people (username,description) values ('Bob','Hi I'm Bob')
And you'd get an error.....
What's the easiest way around this?
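One way around the quoting problem described in the post, shown as an added example that is not part of the original thread: the same insert run once with interpolated values and once as a prepared statement through PDO. Assumptions: an in-memory SQLite database stands in for the poster's MySQL server, the `$form` array is constructed sample input standing in for `$_POST`, and the function names are hypothetical.

```php
<?php
// Added example (not from the original post). Assumption: an in-memory SQLite
// database stands in for MySQL so the script runs offline; this requires the
// pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('create table people (username text, description text)');

// Constructed sample input standing in for $_POST.
$form = ['username' => 'Bob', 'description' => "Hi, I'm Bob"];

// 1) The post's approach: form values interpolated into the SQL text.
//    The apostrophe in "I'm" ends the string literal early, so the
//    statement no longer parses.
function insert_interpolated(PDO $pdo, array $form): string
{
    $sql = "insert into people (username,description) "
         . "values ('{$form['username']}','{$form['description']}')";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// 2) Prepared statement: the SQL text contains only placeholders and the
//    values are bound separately, so quotes in the data are never parsed as SQL.
function insert_prepared(PDO $pdo, array $form): string
{
    $stmt = $pdo->prepare(
        'insert into people (username,description) values (:username, :description)'
    );
    $stmt->execute([
        ':username'    => $form['username'],
        ':description' => $form['description'],
    ]);
    return 'ok';
}

echo "interpolated: ", insert_interpolated($pdo, $form), "\n";
echo "prepared:     ", insert_prepared($pdo, $form), "\n";

// The stored description keeps its apostrophe exactly as typed.
foreach ($pdo->query('select username, description from people') as $row) {
    echo $row['username'], ' => ', $row['description'], "\n";
}
```

Binding values this way also closes the SQL injection hole that interpolating form input opens, since the database never parses submitted text as part of the statement.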