Sp666ky Posted January 21, 2013 Share Posted January 21, 2013 (edited) I have written a simple forum. However if the user enters a ' character it fails to sent the text properly and crashes. Obviously because it sees a premature string ending. So I could go through the string with a loop and insert a \ before each ' and probably before \ s too. But I expect this is quite a common thing so could anyone please tell me if I have missed an inbuilt php command to do this? Ta Spook Edited January 21, 2013 by Sp666ky Quote Link to comment Share on other sites More sharing options...
kicken Posted January 21, 2013 Share Posted January 21, 2013 The proper solution depends on what database API your using. For the mysql_* function (which you shouldn't be using): mysql_real_escape_string For the MySQLI class/functions: mysqli_real_escape_string or Prepared Statements For PDO: PDO::Quote or Prepared statements Quote Link to comment Share on other sites More sharing options...
Sp666ky Posted January 24, 2013 Author Share Posted January 24, 2013 Thanks mysqli_real_escape_string() seems to work great. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.