I created a form where someone can add their name and a comment and then submit it to my database. Here's the code of the form:
PHP
<form method="post" action="addcomments_per_student_action.php" enctype="multipart/form-data" style="width: 700px; height: 400px;">
<?php
$x=$_GET['st'];
$result = $log->qry("Select * from students where id=".$x);
$row=mysql_fetch_assoc($result);
echo $row['name'].' - '.$row['surname'];
?>
<input type="hidden" name="st" value="<?php echo $row['id']; ?>">
<br><br>
<label>name</label>
<input type="text" name="comm" required><br>
<label>comment</label>
<textarea name="comments" style="width: 600px; height: 350px;"></textarea>
<br>
<input name="submit" id="submit" value="submit" type="submit" style="width: 150px;"><br>
</form>
And here's the code of the form's action:
PHP
<?php
require ('logmein.php');
$log = new logmein();
if($log->logincheck($_SESSION['loggedin'],"logon","password","username") == false) {
// Check that the user's login to the system is valid. If not, return to the index with information about the error
$log->redirect($log->getHost());
}
if($_SESSION['userlevel']!=0) {
$log->redirect($log->getHost()."?result=3");
}
$student=$_POST['st'];
$comm=$_POST['comm'];
$comments=$_POST['comments'];
$log->qry("Insert into comments (student,comm,comment) values (".$student.",'".$comm."','".$comments."')");
$log->redirect("http://spoudastirio.com.gr/grades/comments.php");
?>
THE PROBLEM: When someone submits plain text, it works fine, but when they write the ' symbol the file gets an error. THE ERROR: When I type "here's the game" in the textarea I get this error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's the best game.')' at line 1
My database table is utf8-general ci // text format. How can I solve it, so there won't be this kind of problem?
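The failure described above, next to a prepared-statement version of the same INSERT, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database standing in for MariaDB so it runs offline; the function names and the sample `$post` array are constructed for illustration, and the table layout is inferred from the INSERT in the post.

```php
<?php
// Added example: SQLite in memory stands in for the MariaDB server (assumption).
// The comments table follows the column list used by the INSERT in the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (student INTEGER, comm TEXT, comment TEXT)');

// Constructed sample input standing in for $_POST.
$post = ['st' => '7', 'comm' => "O'Brien", 'comments' => "here's the game"];

// 1) String concatenation, as in the post: the apostrophe closes the SQL
//    string literal early, so the server sees broken syntax.
function insertConcatenated(PDO $pdo, array $post): string
{
    $sql = "INSERT INTO comments (student,comm,comment) VALUES ("
         . $post['st'] . ",'" . $post['comm'] . "','" . $post['comments'] . "')";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// 2) Prepared statement: the SQL text is fixed and the values are bound
//    separately, so quotes in the input are stored as data, never parsed as SQL.
function insertPrepared(PDO $pdo, array $post): int
{
    // The student id is numeric in the schema; reject anything else up front.
    $student = filter_var($post['st'], FILTER_VALIDATE_INT);
    if ($student === false) {
        throw new InvalidArgumentException('student id must be an integer');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO comments (student, comm, comment) VALUES (:student, :comm, :comment)'
    );
    $stmt->bindValue(':student', $student, PDO::PARAM_INT);
    $stmt->bindValue(':comm', $post['comm'], PDO::PARAM_STR);
    $stmt->bindValue(':comment', $post['comments'], PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows inserted
}

echo insertConcatenated($pdo, $post), PHP_EOL;            // syntax error
echo insertPrepared($pdo, $post), ' row inserted', PHP_EOL;
echo $pdo->query('SELECT comment FROM comments')->fetchColumn(), PHP_EOL;
```

The same binding applies to the `Select * from students where id=` query in the form, which concatenates `$_GET['st']` in the same way. Against MariaDB only the PDO DSN changes (a `mysql:` DSN with host, dbname and charset); the statements stay as written.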