SQL query error, not sure what's best in this situation

[Rovch]

So I wrote a question/answer script, and I am having issues with inputting symbols.

It works great it you only have letters, number, dots, commas, and likely other symbols.

However query fails every time you insert certain symbols.

 

Here is an error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '" ' ''' \ | / ) // ')' at line 3

 

My test input was following:

' " ' ''' \ | / ) //

 

I am not sure which symbol causes this, and I need help fixing this.

 

How do I go about this without stripping any symbols?

 

Maybe change table structure somehow?

[titan21]

It's probably the quotes - can you post the SQL when the query is generated so we can see what it's choking on?

[Rovch]

It's probably the quotes - can you post the SQL when the query is generated so we can see what it's choking on?

 

Of course, here it is:

 

mysql_query("INSERT INTO wt_answers (id, question_id, user_id, date, title, body)

VALUES

('null','$themeid', '$id', '$todays_date', '$_POST[title]', '$_POST[body]')")

or die(mysql_error()); 

 

Thank you.

[scootstah]

You'll need to escape your data first. mysql_real_escape_string

[Rovch]

You'll need to escape your data first. mysql_real_escape_string

 

Awesome, thank you!