Derleek Posted July 23, 2008 Share Posted July 23, 2008 I am storing e-mails for a mass e-mail system i'm throwing together. I can't figure out how to allow people to put a single quote in the message without throwing everything off... this is the code that i have now, which doesn't allow users to use the ': $sql = "INSERT INTO mail (msg) VALUES ('$content')"; I've tried: $sql = `INSERT INTO mail (msg) VALUES ("$content")`; and get 'query was empty' and: $sql = 'INSERT INTO mail (msg) VALUES ("$content")'; the sql inserts $content how do i get around this? Quote Link to comment Share on other sites More sharing options...
fenway Posted July 23, 2008 Share Posted July 23, 2008 You have to escape the quotes -- mysql_real_escape_string() comes to mind. Quote Link to comment Share on other sites More sharing options...
Derleek Posted July 23, 2008 Author Share Posted July 23, 2008 thanks... i think that should work just fine Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.