or, more appropriately, use the database-specific escape function...

for mysql:

Scott Hurring
Systems Programmer
EAC Corporation
scott (*) eac.com
"Martin Clifford" <[EMAIL PROTECTED]> wrote in message
Use addslashes() on ALL strings before inserting them into your database.  Then,
on your frontend, extract the data and use stripslashes() on all strings.

Hope to help!

Martin Clifford
Homepage: http://www.completesource.net
Developer's Forums: http://www.completesource.net/forums/

>>> "Anil Garg" <[EMAIL PROTECTED]> 07/12/02 10:45AM >>>
I am making a faq maintenance system using mysql and php.
To insert a entry in to a faq table i am using the following query:
INSERT INTO faq_table_netvd (id,question,
 VALUES ('0','$frm[question]',
now the problem is when $frm[question] has some string like: "why i can't
i get the following error:
MySQL Error: You have an error in your SQL syntax near 't eat?' ,answer =
'Please recheck the power of your specs:)' ' at line 3.Putting a '\' before
' (e.g. \')solves my problem...but when i open the same quesion to edit it,
again i have to put backslashes where ever i find " ' "  in the quesion or

Can anyone please suggest a solution to this.

thanx and regards


[please ask if i havent explained the problem fully]

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to