PWD Posted March 19, 2006 Share Posted March 19, 2006 I think I missed something in MySQL 101 years ago, or maybe a new thing with MySQL 5.0.15, but my simple insert statement from a textfield error out [b]ONLY[/b] when an apostrophe is used within the text field:[code]<!-- Textfield Text example -->We went down to Michael's house<!-- End Textfield entry -->[/code][code]MySQL Statement:$query = "INSERT into TABLE(text_field) VALUES('$_POST[textfield]')";[/code]What do I need to include in my INSERT statement to allow apostrophes? addslashes()?My gratitude ahead of time.... Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted March 19, 2006 Share Posted March 19, 2006 Yes you should uses addslashes also [b]NEVER[/b] place POST'd data straight into a mysql query with out validating the data/eascaping the data with addslashes, htmelentities or use mysql_real_escape_string. So this is what your code should be like:[code]$textfield = addslashes($_POST['textfield']);$query = "INSERT into TABLE(text_field) VALUES('$textfield')";[/code] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.