I have a Web application that has a textarea field where a user can type a message and then the message will be stored in the database. Here is the code for the insert:

    insert into alerts (alrt, ncmp, suno, mess, prty, spst, dnst, crea, cdat)
    values ('$max_alert', '$company','$supplier', '$message', '$priority', '2', '2', '$userid', SYSDATE)

This works fine unless there is a single quote in the message, which obviously is a big problem since I cannot restrict my users from entering quotes into their text message. How can I avoid having this issue?
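
An added example, not part of the original post: the same insert built by string interpolation and then with bound parameters, which pass the message to the database as data so a quote cannot end the SQL literal. It assumes Python with an in-memory SQLite table standing in for the poster's unnamed language and database; the column types, `CURRENT_TIMESTAMP` in place of `SYSDATE`, the `?` placeholder style, the function names and the sample values are all assumptions.

```python
import sqlite3

# Column names are taken from the post; the types are assumptions.
SCHEMA = """CREATE TABLE alerts (
    alrt INTEGER, ncmp TEXT, suno TEXT, mess TEXT, prty TEXT,
    spst TEXT, dnst TEXT, crea TEXT, cdat TEXT)"""


def insert_interpolated(conn, max_alert, company, supplier, message, priority, userid):
    """The pattern from the post: values are pasted into the SQL text."""
    sql = (
        "insert into alerts (alrt, ncmp, suno, mess, prty, spst, dnst, crea, cdat) "
        f"values ('{max_alert}', '{company}', '{supplier}', '{message}', "
        f"'{priority}', '2', '2', '{userid}', CURRENT_TIMESTAMP)"
    )
    conn.execute(sql)


def insert_bound(conn, max_alert, company, supplier, message, priority, userid):
    """Same insert with placeholders: the driver sends the values as data."""
    conn.execute(
        "insert into alerts (alrt, ncmp, suno, mess, prty, spst, dnst, crea, cdat) "
        "values (?, ?, ?, ?, ?, '2', '2', ?, CURRENT_TIMESTAMP)",
        (max_alert, company, supplier, message, priority, userid),
    )


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    message = "Supplier's delivery is late"  # constructed sample input
    try:
        insert_interpolated(conn, 1, "ACME", "S100", message, "1", "jdoe")
        interpolated_error = None
    except sqlite3.Error as exc:
        # The quote closes the literal early, so the statement no longer parses.
        interpolated_error = str(exc)
    insert_bound(conn, 2, "ACME", "S100", message, "1", "jdoe")
    stored = conn.execute("select mess from alerts where alrt = 2").fetchone()[0]
    count = conn.execute("select count(*) from alerts").fetchone()[0]
    return interpolated_error, stored, count


if __name__ == "__main__":
    print(demo())
```

Binding every user-supplied value this way also closes the SQL injection hole that string-built statements leave open, which doubling or stripping quotes by hand does not reliably do.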