aeris130 Posted April 28, 2006 Share Posted April 28, 2006 So I have the following query:[code]$query = "INSERT INTO tbl1 VALUES ('','$name','$info','$phone','$various')";[/code]The variables are being given their values by typing them in via text-fields, and later submited by calling insert.php.First of all, I'm curious as to how I enable myself to type 's and still be able to submit the query. I've read about add-slashes, but I couldn't grasp it completely (that is, I know that adding \\ before ' bypasses this problem, it's the function addslashes that I haven't grasped). Could someone give an example of the above mentioned query, complete with add-slashes (unless there's a better solution, that is)?Another problem is that any linebreaks typed into the fields, result in all data below the first linebreak being lost. Is there a way to convert linebreaks to html (I suppose <br> would suffice) upon submission? Quote Link to comment https://forums.phpfreaks.com/topic/8634-and/ Share on other sites More sharing options...
kenrbnsn Posted April 28, 2006 Share Posted April 28, 2006 Please read [a href=\"http://www.nyphp.org/phundamentals/storingretrieving.php\" target=\"_blank\"]this article[/a] which explains the need to escape quotes (and other characters) when inserting data into a database very well.When you want to display data to the screen, us the functions nl2br() to add the "<br />" tag before a newline character and htmlenties() to keep tags in the data from screwing up the display.Ken Quote Link to comment https://forums.phpfreaks.com/topic/8634-and/#findComment-31685 Share on other sites More sharing options...
wildteen88 Posted April 28, 2006 Share Posted April 28, 2006 To use addalshes you just do this:[code]$var = addslashes($var);[/code]Also its not two \\ but one. Quote Link to comment https://forums.phpfreaks.com/topic/8634-and/#findComment-31686 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.