jjmusicpro Posted October 13, 2008 Share Posted October 13, 2008 I have a text box, that someone can type in anything they want, however if they type in what's or any ' it will break the insert anyways to get around this? Quote Link to comment https://forums.phpfreaks.com/topic/128225-how-to-allow-in-insert-into-db/ Share on other sites More sharing options...
trq Posted October 13, 2008 Share Posted October 13, 2008 Escape your data using mysql_real_escape_string(). Quote Link to comment https://forums.phpfreaks.com/topic/128225-how-to-allow-in-insert-into-db/#findComment-664090 Share on other sites More sharing options...
jjmusicpro Posted October 13, 2008 Author Share Posted October 13, 2008 im running my php against a mssql db Quote Link to comment https://forums.phpfreaks.com/topic/128225-how-to-allow-in-insert-into-db/#findComment-664097 Share on other sites More sharing options...
wildteen88 Posted October 13, 2008 Share Posted October 13, 2008 Umm, seems mssql does have a built in escape function like mysql. You'll have to escape your quotes using addslashes instead. You may need to use stripslashes when you get data out of your mssql database. Alternatively you could convert all quotes to their HTML equivalent using htmlentities along with the ENT_QUOTES flag. Quote Link to comment https://forums.phpfreaks.com/topic/128225-how-to-allow-in-insert-into-db/#findComment-664137 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.