surfsup Posted September 23, 2007 Share Posted September 23, 2007 I have a form form which users are inputting data in to my Database. They often input pieces of text that contain " marks. This causes a problem as it seem to terminate the input a that point. How can I deal with this.? Can I somehow replace the " on input with say ' ? (not ideal) THanks Quote Link to comment https://forums.phpfreaks.com/topic/70383-solved-marks-input-into-mysql/ Share on other sites More sharing options...
Jessica Posted September 23, 2007 Share Posted September 23, 2007 Use mysql_real_escape_string and google "sql injection" Quote Link to comment https://forums.phpfreaks.com/topic/70383-solved-marks-input-into-mysql/#findComment-353569 Share on other sites More sharing options...
rarebit Posted September 23, 2007 Share Posted September 23, 2007 $s = mysql_escape_string($s); http://uk3.php.net/manual/en/function.mysql-escape-string.php Quote Link to comment https://forums.phpfreaks.com/topic/70383-solved-marks-input-into-mysql/#findComment-353570 Share on other sites More sharing options...
BlueSkyIS Posted September 23, 2007 Share Posted September 23, 2007 mysql_real_escape_string is better. Quote Link to comment https://forums.phpfreaks.com/topic/70383-solved-marks-input-into-mysql/#findComment-353571 Share on other sites More sharing options...
darkfreaks Posted September 23, 2007 Share Posted September 23, 2007 agreed Quote Link to comment https://forums.phpfreaks.com/topic/70383-solved-marks-input-into-mysql/#findComment-353572 Share on other sites More sharing options...
rarebit Posted September 23, 2007 Share Posted September 23, 2007 mmm, it's actually deprecated, i'm watching 'a life backwards' and stuarts just done himzen in! Soz! I can never remember things... so I did a search and that was what I saw first! Quote Link to comment https://forums.phpfreaks.com/topic/70383-solved-marks-input-into-mysql/#findComment-353573 Share on other sites More sharing options...
darkfreaks Posted September 23, 2007 Share Posted September 23, 2007 mysql_escape_string is depreciated use mysql_real_escape_string instead. Quote Link to comment https://forums.phpfreaks.com/topic/70383-solved-marks-input-into-mysql/#findComment-353575 Share on other sites More sharing options...
surfsup Posted September 23, 2007 Author Share Posted September 23, 2007 Perfect thanks Quote Link to comment https://forums.phpfreaks.com/topic/70383-solved-marks-input-into-mysql/#findComment-353591 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.