surfsup Posted September 23, 2007 Share Posted September 23, 2007 I have a form form which users are inputting data in to my Database. They often input pieces of text that contain " marks. This causes a problem as it seem to terminate the input a that point. How can I deal with this.? Can I somehow replace the " on input with say ' ? (not ideal) THanks Quote Link to comment Share on other sites More sharing options...
Jessica Posted September 23, 2007 Share Posted September 23, 2007 Use mysql_real_escape_string and google "sql injection" Quote Link to comment Share on other sites More sharing options...
rarebit Posted September 23, 2007 Share Posted September 23, 2007 $s = mysql_escape_string($s); http://uk3.php.net/manual/en/function.mysql-escape-string.php Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted September 23, 2007 Share Posted September 23, 2007 mysql_real_escape_string is better. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted September 23, 2007 Share Posted September 23, 2007 agreed Quote Link to comment Share on other sites More sharing options...
rarebit Posted September 23, 2007 Share Posted September 23, 2007 mmm, it's actually deprecated, i'm watching 'a life backwards' and stuarts just done himzen in! Soz! I can never remember things... so I did a search and that was what I saw first! Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted September 23, 2007 Share Posted September 23, 2007 mysql_escape_string is depreciated use mysql_real_escape_string instead. Quote Link to comment Share on other sites More sharing options...
surfsup Posted September 23, 2007 Author Share Posted September 23, 2007 Perfect thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.