[snip] This is a query that I am sending to mysql. The problem is that sometimes in the variable "$message" characters like ")" will get posted and when they do it makes mysql die. I can only assume that mysql thinks that the ")" in the $message variable is meant to close the sql query, but I am having trouble figuring out how to avoid this. I suppose I could use a regex to replace all special characters with something more sql friendly but I am hoping there is a better way to do this. Thanks for any help.
mysql_query("insert into guestbook (gb_entry_id,date,name,email,website_name,website_url,message) values ('',CURDATE(),'$name','$email','$website_name','$website_url','$message')") or die (mysql_error()); [/snip] You need to addslashes($message). Why, you ask curiously? It is because a person posting to the guestbook has either single or double quotes (or both) within the message which aren't escaped properly. addslashes() does this. Use stripslashes() when retrieving the message for display to remove the slashes so that the message looks normal. HTH! Jay *********************************************************** * Texas PHP Developers Conf Spring 2003 * * T Bar M Resort & Conference Center * * New Braunfels, Texas * * San Antonio Area PHP Developers Group * * Interested? Contact [EMAIL PROTECTED] * *********************************************************** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php