[snip]
This is a query that I am sending to mysql. The problem is that sometimes in
the variable "$message" characters like ")" will get posted and when they do
it makes mysql die. I can only assume that mysql thinks that the ")" in the
$message variable is meant to close the sql query, but I am having trouble
figuring out how to avoid this. I suppose I could use a regex to replace all
special characters with something more sql friendly but I am hoping there is
a better way to do this. Thanks for any help.

mysql_query("insert into guestbook
(gb_entry_id,date,name,email,website_name,website_url,message) values
('',CURDATE(),'$name','$email','$website_name','$website_url','$message')")
or die (mysql_error());
[/snip]

You need to addslashes($message). Why, you ask curiously? It is because a
person posting to the guestbook has either single or double quotes (or both)
within the message which aren't escaped properly. addslashes() does this.
Use stripslashes() when retrieving the message for display to remove the
slashes so that the message looks normal.

HTH!

Jay

***********************************************************
* Texas PHP Developers Conf  Spring 2003                  *
* T Bar M Resort & Conference Center                      *
* New Braunfels, Texas                                    *
* San Antonio Area PHP Developers Group                   *
* Interested? Contact [EMAIL PROTECTED] *
***********************************************************
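
The same guestbook insert written with PDO bound parameters, where quotes, backslashes and ")" in $message travel as data and no addslashes()/stripslashes() pair is needed; this is an added example, not code from the thread. It assumes PDO with the SQLite driver so that it runs offline, an assumed table layout, and a hypothetical helper named add_entry().

```php
<?php
// SQLite in memory stands in for MySQL so this runs offline (assumption);
// with MySQL only the DSN passed to PDO changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Columns follow the query in the post; the column types are assumed.
$db->exec('CREATE TABLE guestbook (
    gb_entry_id INTEGER PRIMARY KEY AUTOINCREMENT, date TEXT, name TEXT,
    email TEXT, website_name TEXT, website_url TEXT, message TEXT)');

// Hypothetical helper: the SQL text is constant, the values are bound separately,
// so nothing the visitor types can change the shape of the statement.
function add_entry(PDO $db, array $e): int
{
    $stmt = $db->prepare(
        'INSERT INTO guestbook
           (date, name, email, website_name, website_url, message)
         VALUES (:date, :name, :email, :website_name, :website_url, :message)'
    );
    $stmt->execute([
        ':date'         => date('Y-m-d'), // stands in for CURDATE()
        ':name'         => $e['name'],
        ':email'        => $e['email'],
        ':website_name' => $e['website_name'],
        ':website_url'  => $e['website_url'],
        ':message'      => $e['message'],
    ]);
    return (int) $db->lastInsertId();
}

// Constructed sample input containing the characters that broke the original query.
$entry = [
    'name'         => "O'Brien",
    'email'        => 'visitor@example.com',
    'website_name' => 'My "home" page',
    'website_url'  => 'http://example.com/',
    'message'      => "It's a \"great\" site :) with a back\\slash too",
];

$id = add_entry($db, $entry);

// Read the row back: the stored text is byte-for-byte what was submitted.
$stmt = $db->prepare('SELECT message FROM guestbook WHERE gb_entry_id = ?');
$stmt->execute([$id]);
$stored = $stmt->fetchColumn();
echo $stored === $entry['message'] ? "stored unchanged\n" : "stored text differs\n";
```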




-- 
PHP General Mailing List (http://www.php.net/)