Hello I have an issue with my mySQL queries and insertions.
When members write in the text area these characters, like:
' " < >
and some others.. the mySQL will give a database error.
What I can do to avoid this? I think it is a usualthing in PHP.
Thank you
Use mysql_real_escape_string() on the data before you try to insert it.
This will also protect you from SQL injection.
You need to escape your input before inserting it into your database.
See mysql_real_escape_string():
http://php.net/manual/en/function.mysql-real-escape-string.php
Hie Diego,
you can use mysql_real_escape_string to escape these characters. Maybe htmlentites ist interesting for you, too (htmlentities)
Hope this helps.
BR,
TJ
For a quick fix, escaping any string that goes into the app with mysql_real_escape_string will help.
For a better (and faster even!) solution, use mysqli and prepared statements - see e.g. this for a tutorial: http://www.dreamincode.net/forums/topic/54239-introduction-to-mysqli-and-prepared-statements/
You can also use the addslashes() of php.