mysql error on str_replace -- code was working

[brett24]

I've been running the same code for a few years now on an old website (www.boardgameinventors.com).  The form allows users to describe their boardgames they have made.  Everything was working great for a long time.  But something changed recently to cause a problem.  Now if the user includes an apostrophe (') such as in the contraction "don't" or the possessive noun "Bill's" the information does not get written to the database, but the php code on the remainder of the page completes (it sends the user a note saying the game was entered, and send me a note saying a new game was added).

 

My server provider was pretty much useless in helping find the problem.  They offered only "make sure your code is compatible with php5" which apparently recently replaced an older version on the server.

 

Currently I have the code use a string replace

$var_name = str_replace("'","\'",$var_name);

to insert a backslash in front of any apostrophe/single quote.

 

Formerly this was necessary.  Is it now the source of my problem?

 

If the apostrophes are removed before submitting the form, the entry is saved correctly.

 

Thanks.

-Brett

 

 

[Barand]

try

<?php
function clean($var)
{
$var = get_magic_quotes_gpc() ? stripslashes($var) : $var;
$var = mysql_real_escape_string($var);
return $var;
}

$var_name =  clean($var_name);
?>