[SOLVED] A Small Help

[.Darkman]

Hello,

 

I am making a small PHP Application.

I use a form to submit information to the Database.

When i use a single quote (') in the textarea, it gives me an error.

 

My code is : -

if (empty($_POST['name'])) 
{
	echo '<p><font color="red">You need to enter a Game Title.</font></p>';
	$name = '';
} 
else 
{
	$name = $_POST['name'];
            $name = strip_tags($name, "");
}

$platform = $_POST['platform'];

if (empty($_POST['cheat'])) 
{
	echo '<p><font color="red">You need to enter a Description.</font></p>';
	$cheat = '';
} 
else 
{
	$cheat = $_POST['cheat'];
            $cheat = strip_tags($cheat, "<b><i><s><u><br><a><img>");
}

if ($name && $platform && $cheat) 
{
	$query = "INSERT INTO cheats (name, platform, cheat, date) VALUES ('$name', '$platform', '$cheat', NOW())";
	$result = @mysql_query($query);

	if ($result) 
	{
		echo '<p><font color="red">Cheat was added!</font></p>';
	} 
	else 
	{
		echo '<font color="red"><p>Cheat could not be added! Please try again.</p></font>';
	}
} 

 

In the textarea(cheat field) for eg, if i input the following text :

Hello everybody, this is the text i entered. This is Darkman's text

I get the error :

Cheat could not be added! Please try again.

 

But if i enter the following :

Hello everybody, this is the text i entered. This is Darkmans text

I don't get any error.

 

Whats the problem ?

 

Please help me out.

 

 

Thanks,

[esukf]

Try

<?php
$query = sprintf("INSERT INTO cheats (name, platform, cheat, date) VALUES ('%s', '%s', '%s', NOW())",
                mysql_real_escape_string($name),
                mysql_real_escape_string($platform),
                mysql_real_escape_string($cheat)
                );
?>

[.Darkman]

Wow !

Thanks a lot. worked like a charm.