Minor textarea annoyance.

[DavidGS]

OK, so I have a form with a textarea and submit button. I made a simple PHP program which gets the form data and writes it to a database. Works perfectly, information always gets stored without hassle. However, whenever I submit something with an apostrophe ('), it won't write it to the database. It refreshes the page and whichever changes I make that included the apostrophe in it would get removed, like they were never there.

 

The form code:

 

print "<form>\n";
print "<textarea name='text' cols='80' rows='5'>$text</textarea><br><br>\n";
print "<input type='SUBMIT' value='Update'>\n";
print "</form>\n";

 

The post code:

 

if ($_POST['text'])
	{
		$textupdated = $_POST['text'];
		mysql_query("UPDATE profile_content SET text='$textupdated' ") or die(mysql_error());
                }

 

The $text variable is from an array:

 

$qry = mysql_query("SELECT * FROM profile_content");
$contents = mysql_fetch_array($qry);

$text= $array['text'];

 

[aschk]

Apostophes break SQL statements (because they're delimiters for strings).

This do

$textupdated = mysql_real_escape_string($_POST['text']);

[DavidGS]

Apostophes break SQL statements (because they're delimiters for strings).

This do

$textupdated = mysql_real_escape_string($_POST['text']);

 

Thanks!

 

I managed to do it with a str_replace too, but this is much easier.

[aschk]

Yeah mysql_real_escape_string takes into account magic_quotes_gpc and also already escaped values (i.e. \') etc. So I would say you're better off using it than str_replace. Hope it does the trick for you.