PWD Posted March 19, 2006 Share Posted March 19, 2006 I think I missed something in MySQL 101 years ago, or maybe a new thing with MySQL 5.0.15, but my simple insert statement from a textfield error out [b]ONLY[/b] when an apostrophe is used within the text field:[code]<!-- Textfield Text example -->We went down to Michael's house<!-- End Textfield entry -->[/code][code]MySQL Statement:$query = "INSERT into TABLE(text_field) VALUES('$_POST[textfield]')";[/code]What do I need to include in my INSERT statement to allow apostrophes? addslashes()?My gratitude ahead of time.... Link to comment https://forums.phpfreaks.com/topic/5273-mysql-errors-with-apostrophe/ Share on other sites More sharing options...
wildteen88 Posted March 19, 2006 Share Posted March 19, 2006 Yes you should uses addslashes also [b]NEVER[/b] place POST'd data straight into a mysql query with out validating the data/eascaping the data with addslashes, htmelentities or use mysql_real_escape_string. So this is what your code should be like:[code]$textfield = addslashes($_POST['textfield']);$query = "INSERT into TABLE(text_field) VALUES('$textfield')";[/code] Link to comment https://forums.phpfreaks.com/topic/5273-mysql-errors-with-apostrophe/#findComment-18774 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.