rsammy Posted September 26, 2007
I use an apostrophe or single quote in a blob and it returns an error. Any message without the apostrophe passes smoothly. Is there some escape character or something I need to use for this one? Thanks

rarebit Posted September 26, 2007
What's 'it'? Sometimes my HTML trips with ', however MySQL trips on '... Generally the escape character is \
Post an example...

d.shankar Posted September 26, 2007
This probably is an SQL Injection attack. Use this function to avoid errors:

    mysql_real_escape_string()

rsammy Posted September 26, 2007 Author
Thanks a lot for replying, shankar. I'm sure it's an SQL issue. This is where I am stuck:

    $querye =("INSERT INTO messages (message, user_id,status,subject,from_p,received,to_email,time_sent, clientid, tran_ID) VALUES ('$message','$to_id','1','$subject','$PHY_EMAIL','$DATE','$to','$TIME', '$client_id', '$unqID') ");
    $resulte=mysql_query($querye);
    if (!$resulte) {
        $error="Error 441";
    }

In the query above, '$message' is a blob - a combination of several fields. One of the fields - follow up notes - contains this special character, and that's what is failing. How do I use mysql_real_escape_string() in this query? I'm sure the single quote (') in this blob is failing the query - I keep getting error 441. I need this real quick - thanks again.

rarebit Posted September 26, 2007
http://uk3.php.net/manual/en/function.mysql-real-escape-string.php

chocopi Posted September 26, 2007
Just use

    $message = mysql_real_escape_string($message);
    $to_id = mysql_real_escape_string($to_id);

etc. on all of the variables you are posting into the database, before the query.
~ Chocopi

rsammy Posted September 26, 2007 Author
Thanks chocopi! It worked. Thanks to all the replies. Appreciate your help, guys.
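
The failure and the fix discussed in this thread, as an added example that is not code from any of the posters: it goes beyond the thread by also showing a prepared statement, since the mysql_* functions were removed in PHP 7. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the script runs offline, the table uses a subset of the thread's columns, and the sample values are constructed.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL so the script runs offline
// (assumes the pdo_sqlite extension). Columns are a subset of the thread's INSERT.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (message BLOB, user_id INTEGER, subject TEXT)');

// Constructed sample input: the notes field contains an apostrophe.
$message = "Follow-up notes: patient's next visit is in two weeks";
$to_id   = '42';
$subject = 'Follow up';

// 1) Values pasted into the SQL text, as in the thread's query. The apostrophe
//    closes the string literal early, so the statement fails to parse.
function insertInterpolated(PDO $db, string $message, string $to_id, string $subject): bool
{
    try {
        $db->exec("INSERT INTO messages (message, user_id, subject)
                   VALUES ('$message', '$to_id', '$subject')");
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// 2) The thread's fix: escape every value before it goes into the SQL text.
//    PDO::quote() is the PDO counterpart; it escapes and adds the surrounding quotes.
function insertEscaped(PDO $db, string $message, string $to_id, string $subject): bool
{
    $sql = 'INSERT INTO messages (message, user_id, subject) VALUES ('
         . $db->quote($message) . ', ' . $db->quote($to_id) . ', ' . $db->quote($subject) . ')';
    return $db->exec($sql) === 1;
}

// 3) Prepared statement: values travel separately from the SQL text,
//    so no escaping step can be forgotten.
function insertPrepared(PDO $db, string $message, string $to_id, string $subject): bool
{
    $stmt = $db->prepare('INSERT INTO messages (message, user_id, subject) VALUES (?, ?, ?)');
    return $stmt->execute([$message, $to_id, $subject]);
}

var_dump(insertInterpolated($db, $message, $to_id, $subject));
var_dump(insertEscaped($db, $message, $to_id, $subject));
var_dump(insertPrepared($db, $message, $to_id, $subject));
// Each stored copy is compared with the input byte for byte.
foreach ($db->query('SELECT message FROM messages') as $row) {
    var_dump($row['message'] === $message);
}
```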