working around ' s

[acidglitter]

At my site you can submit reviews.. They go through a normal html contact form into a mysql table. One of the comments had a [color=blue][b]'[/b][/color] in it. So when I tried to move the comment from one table to another table this error message showed up. I went into phpmyadmin and just took the ' out, then I went back to the page I made and it let me move the comment from the first table to the other table..

So my question is.. how can I move things without having to delete the ' ?

[kenrbnsn]

Use the function [url=http://www.php.net/mysql_real_escape_string]mysql_real_escape_string()[/url] on the data when you insert it into the database.

Ken

[onlyican]

here is my "Make Safe" function, it makes any string secure for Database

[code]
<?php
function MakeSafe($str, $make_lower = false){
if($make_lower){
$str = strtolower($str);
}
$str = stripslashes($str);
$str = trim($str);
$str = strip_tags($str);
$str = mysql_real_escape_string($str);
return $str;
}

//This is a Safe String, which is lowercase, for usernames ect
$username = MakeSafe($_POST["username"] , 1);

//This makes strings safe, keeping the case
$name = MakeSafe($_POST["name"]);

//So to make a string lowercase
//Add a 2nd argument, with 1 or true in it
?>
[/code]