[SOLVED] Inserting textarea into mysql

[TheNix]

I'm getting errors because of apostrophes when I try to insert text into a mysql field. I'm getting the text is coming from POSTing a textarea from a previous page. I've tried a few things like addslash() but I'm not sure how to keep it from messing with the mysql syntax. I know there has to be an easy way to do this though. I appreciate any help, thank you.

[premiso]

mysql_real_escape_string the text coming from forms being inserted into the DB.

 

addslashes is being depreciated and suggested not to be used.

 

Post the spot where you are inserting if the mysql escape string does not solve this, as chances are you are probably using it wrong.

[keeps21]

<?php
// assuming the name of your textarea is text 
$text = mysql_real_escape_string($_POST['text']);
?>

 

Then all you have to do is run your query inserting $text into the database field.

[TheNix]

Thank you, i will try this out when I get off work and let you guys know how it goes.

[TheNix]

I'm still having the same problem, I'll post my code:

$review = mysql_real_escape_string($_POST['review']);
$sql="INSERT INTO Reviews (Title, Rating, Review) VALUES('$_POST[title]','$_POST[rating]',$review)";

 

The error I'm getting is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'For one of the few times

 

This is the first words of the textarea I'm trying to put in the database. (minus the ' before "For") This means that it is getting the textarea and putting it in $review but is it putting a ' at the beginning?

[premiso]

The title should be escaped as well and you need single quotes around $review.

 

$sql="INSERT INTO Reviews (Title, Rating, Review) VALUES('$_POST[title]','$_POST[rating]','$review')";

[TheNix]

Thank you that did the trick, also yeah I didn't think about it but the title would need the same treatment. Thank you again for the advice.