<br> and '

[aeris130]

So I have the following query:

[code]$query = "INSERT INTO tbl1 VALUES ('','$name','$info','$phone','$various')";[/code]

The variables are being given their values by typing them in via text-fields, and later submited by calling insert.php.

First of all, I'm curious as to how I enable myself to type 's and still be able to submit the query. I've read about add-slashes, but I couldn't grasp it completely (that is, I know that adding \\ before ' bypasses this problem, it's the function addslashes that I haven't grasped). Could someone give an example of the above mentioned query, complete with add-slashes (unless there's a better solution, that is)?

Another problem is that any linebreaks typed into the fields, result in all data below the first linebreak being lost. Is there a way to convert linebreaks to html (I suppose <br> would suffice) upon submission?

[kenrbnsn]

Please read [a href=\"http://www.nyphp.org/phundamentals/storingretrieving.php\" target=\"_blank\"]this article[/a] which explains the need to escape quotes (and other characters) when inserting data into a database very well.

When you want to display data to the screen, us the functions nl2br() to add the "<br />" tag before a newline character and htmlenties() to keep tags in the data from screwing up the display.

Ken

[wildteen88]

To use addalshes you just do this:
[code]$var = addslashes($var);[/code]

Also its not two \\ but one.