jjmusicpro Posted October 13, 2008 Share Posted October 13, 2008 I have a text box, that someone can type in anything they want, however if they type in what's or any ' it will break the insert anyways to get around this? Link to comment https://forums.phpfreaks.com/topic/128225-how-to-allow-in-insert-into-db/ Share on other sites More sharing options...
trq Posted October 13, 2008 Share Posted October 13, 2008 Escape your data using mysql_real_escape_string(). Link to comment https://forums.phpfreaks.com/topic/128225-how-to-allow-in-insert-into-db/#findComment-664090 Share on other sites More sharing options...
jjmusicpro Posted October 13, 2008 Author Share Posted October 13, 2008 im running my php against a mssql db Link to comment https://forums.phpfreaks.com/topic/128225-how-to-allow-in-insert-into-db/#findComment-664097 Share on other sites More sharing options...
wildteen88 Posted October 13, 2008 Share Posted October 13, 2008 Umm, seems mssql does have a built in escape function like mysql. You'll have to escape your quotes using addslashes instead. You may need to use stripslashes when you get data out of your mssql database. Alternatively you could convert all quotes to their HTML equivalent using htmlentities along with the ENT_QUOTES flag. Link to comment https://forums.phpfreaks.com/topic/128225-how-to-allow-in-insert-into-db/#findComment-664137 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.