textarea into database

[mga_ka_php]

i have a textarea and the content is description. how do i save this to database, because sometimes it has ' and " so it fails when i insert it into database, what should i use addslashes?

[linus72982]

mysql_real_escape_string($CONTENT, $CONNECTION);

 

Actually, I'm not positive that will escape ANDs, but you should use that on all input anyway.

[mga_ka_php]

so mysql_real_escape_string removes the quotes?

[linus72982]

From php.net:

mysql_real_escape_string — Escapes special characters in a string for use in an SQL statement

 

Yep, it escapes the quotes.  PHP.net recommends you use this in place of addslashes() if possible.

[mga_ka_php]

ok thanks

[Festy]

Although you can also use addslashes and stripslashes, using 'mysql_real_escape_string' would also help you prevent any sql injection attempts.

[xcoderx]

this function could be handy

function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}