while (($data = fgetcsv($handle, 1000, ",")) !== FALSE)
{
    $row++;
    // Each CSV field is interpolated directly into the SQL string
    $import = ("INSERT INTO foobar
        (
            foo,
            Name,
            bar
        )
        values
        (
            '$data[0]',
            '$data[1]',
            '$data[2]'
        )
    ");
}
One field is a person's Name, and it chugs along until it finds the name D'arcy, or anything with a " or ', and throws an error.
What would be a good way to deal with this?
I would suggest using mysql_real_escape_string() for strings being stored in a database.
The htmlentities() changes a quote mark to something like &345; in the string, while the mysql_real_escape_string() puts a backslash in front of it. There are advantages to both, but...
When reading the string back out of the database, use stripslashes() to remove the backslash.
Use html_entity_decode() for converting the html entities back to characters.
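An added example, not part of the original thread: the same import loop written with a PDO prepared statement, so each CSV field is bound as a parameter instead of being pasted into the SQL text. The in-memory SQLite database and the sample CSV rows are assumptions, constructed so the script runs offline; for MySQL, swap in a MySQL DSN and credentials.

```php
<?php
// Constructed sample CSV (not from the original post). The Name column
// contains both ' and " characters, the inputs that broke the import.
$csv = <<<'CSV'
1,D'arcy,a
2,"Robert ""Bob"" O'Neil",b
CSV;

// Expose the sample through a stream so fgetcsv() reads it like a file.
$handle = fopen('php://memory', 'w+');
fwrite($handle, $csv);
rewind($handle);

// Assumption: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE foobar (foo TEXT, Name TEXT, bar TEXT)');

// The SQL text is fixed; the ? placeholders are filled per row and the
// values are never parsed as SQL, so quotes need no escaping.
$stmt = $pdo->prepare('INSERT INTO foobar (foo, Name, bar) VALUES (?, ?, ?)');

$row = 0;
while (($data = fgetcsv($handle, 1000, ",", '"', "\\")) !== false) {
    if (count($data) < 3) {
        continue; // skip blank or short lines
    }
    $row++;
    $stmt->execute([$data[0], $data[1], $data[2]]);
}
fclose($handle);

echo "Imported $row rows\n";

// The names come back exactly as they appeared in the CSV.
// HTML-encode only at the point of display, not before storage.
foreach ($pdo->query('SELECT Name FROM foobar ORDER BY foo') as $r) {
    echo $r['Name'], ' => ', htmlspecialchars($r['Name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```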