acidglitter Posted September 22, 2006 Share Posted September 22, 2006 At my site you can submit reviews.. They go through a normal html contact form into a mysql table. One of the comments had a [color=blue][b]'[/b][/color] in it. So when I tried to move the comment from one table to another table this error message showed up. I went into phpmyadmin and just took the ' out, then I went back to the page I made and it let me move the comment from the first table to the other table..So my question is.. how can I move things without having to delete the ' ? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted September 22, 2006 Share Posted September 22, 2006 Use the function [url=http://www.php.net/mysql_real_escape_string]mysql_real_escape_string()[/url] on the data when you insert it into the database.Ken Quote Link to comment Share on other sites More sharing options...
onlyican Posted September 22, 2006 Share Posted September 22, 2006 here is my "Make Safe" function, it makes any string secure for Database[code]<?phpfunction MakeSafe($str, $make_lower = false){if($make_lower){$str = strtolower($str);}$str = stripslashes($str);$str = trim($str);$str = strip_tags($str);$str = mysql_real_escape_string($str);return $str;}//This is a Safe String, which is lowercase, for usernames ect$username = MakeSafe($_POST["username"] , 1);//This makes strings safe, keeping the case$name = MakeSafe($_POST["name"]);//So to make a string lowercase//Add a 2nd argument, with 1 or true in it?>[/code] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.