apostrophe not getting saved in mysql

[bruckerrlb]

I"m having a bizarre issue, and not sure what's going on, I have a form, I fill out the form, and the data gets saved, but whenever I put an apostrophe in my form (i.e. this is what's going on) (notice the "what's") I get an error back saying that I have an error in my mysql syntax at line whatever.

 

I've tried this with two types, the first a varchar and the second a longtext and every time, if I have an apostrophe in there, I get the error, does anyone know what might cause this?

[Shockhazard30]

Let me preface this by saying that I am just getting started learning php and MySql, so someone may say this is incorrect. That said I think you need to put in the addslashes function to prevent this problem from happening.

 

you probably have something like this

$lastname=$_POST['lastname'];

and need

$lastname=addslashes ($_POST['lastname']);

this should help but without seeing your code I don't know for sure.

 

The reason this problem occurs is because you have a quote inside of a quoted value the addslashes function fixes this for you.

 

Hope this helps.

[bruckerrlb]

hey, thanks for the recommendation. For me, what worked was throwing a foreach that I found in the php.net manual

  //This stops SQL Injection in POST vars 
  foreach ($_POST as $key => $value) { 
    $_POST[$key] = mysql_real_escape_string($value); 
  } 

  //This stops SQL Injection in GET vars 
  foreach ($_GET as $key => $value) { 
    $_GET[$key] = mysql_real_escape_string($value); 
  }