Sp666ky Posted January 21, 2013 Share Posted January 21, 2013 I have written a simple forum. However if the user enters a ' character it fails to sent the text properly and crashes. Obviously because it sees a premature string ending. So I could go through the string with a loop and insert a \ before each ' and probably before \ s too. But I expect this is quite a common thing so could anyone please tell me if I have missed an inbuilt php command to do this? Ta Spook Link to comment https://forums.phpfreaks.com/topic/273437-capture-and-fix-rogues-in-a-string/ Share on other sites More sharing options...
kicken Posted January 21, 2013 Share Posted January 21, 2013 The proper solution depends on what database API your using. For the mysql_* function (which you shouldn't be using): mysql_real_escape_string For the MySQLI class/functions: mysqli_real_escape_string or Prepared Statements For PDO: PDO::Quote or Prepared statements Link to comment https://forums.phpfreaks.com/topic/273437-capture-and-fix-rogues-in-a-string/#findComment-1407297 Share on other sites More sharing options...
Sp666ky Posted January 24, 2013 Author Share Posted January 24, 2013 Thanks mysqli_real_escape_string() seems to work great. Link to comment https://forums.phpfreaks.com/topic/273437-capture-and-fix-rogues-in-a-string/#findComment-1407897 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.