George B wrote:
Jasper Bryant-Greene wrote:George B wrote:I made a script that posts data into a database but it has a problem whenever I enter a ' or a ". How do I bypass this problem?If it is MySQL, use mysql_real_escape_string() [1]. If any other database, have a look in the PHP manual [2] for the relevant function, or as a last resort use addslashes().Jasper [1] http://www.php.net/mysql_real_escape_string [2] http://www.php.net/docs.phpWhere do I put the code in?
Example:
$value = mysql_real_escape_string($_POST['value']);
$results = mysql_query("SELECT * FROM sometable WHERE field='$value'");
Jasper
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
