DB Writing Issue

[mcmuney]

The following SQL records information to my DB; however, I noticed that if the data contains a apostrophe, it doesn't record anything. Is there a fix for it?

 

$query=mysql_query("insert into details set date = CURDATE(), fname	= '".$_POST['fname']."', lname= '".$_POST['lname']."', title= '".$_POST['title']."', company	= '".$_POST['company']."', city	= '".$_POST['city']."', state	= '".$_POST['state']."',	   
address	= '".$_POST['address']."', zip	= '".$_POST['zip']."', phone= '".$_POST['phone']."', email	= '".$_POST['email']."',cookie='".$cookie."', count='1'");

[kenrbnsn]

Always use the function mysql_real_escape_string on any string data that is being stored in a MySQL database.

 

Ken

[mcmuney]

If you mean use that instead of mysql_query, I just tried it and it didn't solve the problem.

[kenrbnsn]

No. Did you read the manual page for the function?

 

Your query should be something like

<?php
$query = "insert into details set date = CURDATE(), fname = '" . mysql_real_escape_string($_POST['fname']) . "', lname= '" . mysql_real_escape_string($_POST['lname']) . "', title= '" . mysql_real_escape_string($_POST['title']) . "', company	= '" . mysql_real_escape_string($_POST['company']) . "', city	= '" . mysql_real_escape_string($_POST['city']) . "', state	= '" . mysql_real_escape_string($_POST['state']) . "',address	= '" . mysql_real_escape_string($_POST['address']). "', zip	= '" . mysql_real_escape_string($_POST['zip']) . "', phone= '" . mysql_real_escape_string($_POST['phone']) . "', email	= '" . mysql_real_escape_string($_POST['email']) . "',cookie='" . $cookie ."', count='1'";
$rs = mysql_query($query) or die("Problem with the query: $query<br>" . mysql_error());
?>

 

Ken