Note that my code still use the old mysql query and I am aware of that. I want to migrate it to mysqli soon but it will have to wait until I learn how to do so. Meanwhile, please help me with the code that I have now. Thank you
I've looked around the internet to find how to do this and I found two methods:
htmlspecialchars();
and
mysql_real_escape_string();
I wrapped my text into one of the two function in order to pass in text with apostrophe in it to the database.
However I encountered a problem.
With mysql_real_escape_string, I got the desired effect that I want but the problem is that, the function also apply its effect onto html img tag. So <img src="test"> turns into <img src=/"test/"> and therefore images (and also links) will not appear.
With htmlspecialchars, again I got the desired function that I want which is to pass in apostrophe into the database. The problem with this is that when I pull the data out from the database and echo it onto my page, it doesn't render and show as a plain html code.
What confuse me a lot is that, it works fine inside my localhost.
Please help
Thank you!
content-insert.php