jandrews3 Posted September 1, 2008 Share Posted September 1, 2008 If I have the variable $text for a textarea, and the user enters an apostrophe ... when the form is submitted, is addslashes($text) not sufficient before updating the record in a mysql database??? I'm getting the following error: (I must be an idiot) Could not perform update: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's classification is Human Resources. Active in the promotion of several causes,' at line 1 It appears that the apostrophe is closing the UPDATE request and then causing an error with the remaining text. What easy thing am I overlooking? Thanks. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted September 1, 2008 Share Posted September 1, 2008 Show us the code. Ken Quote Link to comment Share on other sites More sharing options...
jandrews3 Posted September 1, 2008 Author Share Posted September 1, 2008 I hate being stupid. While copying the text to put in the code, I found the error. Thanks ... and sorry. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 1, 2008 Share Posted September 1, 2008 Not directly related to your error, but because addslashes() (and magic_quotes) does not escape all the special characters that can break a query (allowing a hacker to trigger an error on your server by feeding your code unexpected data), you should use mysql_real_escape_string() on any data placed into a query that could contain special characters. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.