Jump to content


Photo

MySQL errors with apostrophe


  • Please log in to reply
1 reply to this topic

#1 PWD

PWD
  • Members
  • PipPip
  • Member
  • 19 posts

Posted 19 March 2006 - 05:00 AM

I think I missed something in MySQL 101 years ago, or maybe a new thing with MySQL 5.0.15, but my simple insert statement from a textfield error out ONLY when an apostrophe is used within the text field:

<!-- Textfield Text example -->
We went down to Michael's house
<!-- End Textfield entry -->

MySQL Statement:
$query = "INSERT into TABLE(text_field) VALUES('$_POST[textfield]')";

What do I need to include in my INSERT statement to allow apostrophes? addslashes()?

My gratitude ahead of time....
[!--fonto:Geneva--][span style="font-family:Geneva"][!--/fonto--]My Gratitude---[!--fontc--][/span][!--/fontc--]
(My gratitude in advance for helping me learn; so I may one day give as freely as you have here today)
----------
[!--sizeo:5--][span style="font-size:18pt;line-height:100%"][!--/sizeo--][!--fonto:Optima--][span style="font-family:Optima"][!--/fonto--][!--coloro:red--][span style="color:red"][!--/coloro--]PWD[!--sizec--][/span][!--/sizec--][!--colorc--][/span][!--/colorc--][!--fontc--][/span][!--/fontc--]

#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 19 March 2006 - 10:33 AM

Yes you should uses addslashes also NEVER place POST'd data straight into a mysql query with out validating the data/eascaping the data with addslashes, htmelentities or use mysql_real_escape_string. So this is what your code should be like:
$textfield = addslashes($_POST['textfield']);
$query = "INSERT into TABLE(text_field) VALUES('$textfield')";





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users