DavidGS Posted February 19, 2008 Share Posted February 19, 2008 OK, so I have a form with a textarea and submit button. I made a simple PHP program which gets the form data and writes it to a database. Works perfectly, information always gets stored without hassle. However, whenever I submit something with an apostrophe ('), it won't write it to the database. It refreshes the page and whichever changes I make that included the apostrophe in it would get removed, like they were never there. The form code: print "<form>\n"; print "<textarea name='text' cols='80' rows='5'>$text</textarea><br><br>\n"; print "<input type='SUBMIT' value='Update'>\n"; print "</form>\n"; The post code: if ($_POST['text']) { $textupdated = $_POST['text']; mysql_query("UPDATE profile_content SET text='$textupdated' ") or die(mysql_error()); } The $text variable is from an array: $qry = mysql_query("SELECT * FROM profile_content"); $contents = mysql_fetch_array($qry); $text= $array['text']; Quote Link to comment Share on other sites More sharing options...
aschk Posted February 19, 2008 Share Posted February 19, 2008 Apostophes break SQL statements (because they're delimiters for strings). This do $textupdated = mysql_real_escape_string($_POST['text']); Quote Link to comment Share on other sites More sharing options...
DavidGS Posted February 19, 2008 Author Share Posted February 19, 2008 Apostophes break SQL statements (because they're delimiters for strings). This do $textupdated = mysql_real_escape_string($_POST['text']); Thanks! I managed to do it with a str_replace too, but this is much easier. Quote Link to comment Share on other sites More sharing options...
aschk Posted February 19, 2008 Share Posted February 19, 2008 Yeah mysql_real_escape_string takes into account magic_quotes_gpc and also already escaped values (i.e. \') etc. So I would say you're better off using it than str_replace. Hope it does the trick for you. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.