sinista Posted September 3, 2008 Share Posted September 3, 2008 hey can some one help me with this please, when ever i put a ' into an input box to be added to my mysql database nothing happens i.e if i added 'today is thursday' nothing would get added but if i added today is thursday it would work fine many thanks Link to comment https://forums.phpfreaks.com/topic/122640-hey-need-some-help-with/ Share on other sites More sharing options...
PFMaBiSmAd Posted September 3, 2008 Share Posted September 3, 2008 All data put into a query needs to be escaped to prevent special characters from breaking the query or allowing sql injection. Use the mysql_real_escape_string() function on your data. Link to comment https://forums.phpfreaks.com/topic/122640-hey-need-some-help-with/#findComment-633259 Share on other sites More sharing options...
discomatt Posted September 3, 2008 Share Posted September 3, 2008 Try echo'ing your query before you execute it, you'll find out why it's breaking. mysql_real_escape_string() will be your solution Link to comment https://forums.phpfreaks.com/topic/122640-hey-need-some-help-with/#findComment-633260 Share on other sites More sharing options...
sinista Posted September 4, 2008 Author Share Posted September 4, 2008 hey, mysql_real_escape_string() worked perfectly, thanks so much guys, changed $sql = "INSERT INTO `comments` (`comment`, `date`, `user`, `blog_id`) VALUES ('$comment', '$datetime', '$user', '$blog_id')"; $result = mysql_query($sql) to $test = mysql_real_escape_string($comment); $sql = "INSERT INTO `comments` (`comment`, `date`, `user`, `blog_id`) VALUES ('$test', '$datetime', '$user', '$blog_id')"; $result = mysql_query($sql) thanks again guy Link to comment https://forums.phpfreaks.com/topic/122640-hey-need-some-help-with/#findComment-633276 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.