I'm trying to execute a mysql_query which uses input from a text field POST request. However, I am encountering the following error if the POST request includes an apostrophe.
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''DJ Broski, DJ CJ and Wendy; Looking Chill'')' at line 1"
How am I able to resolve this? The code I use to execute the query:
$sql = "INSERT into `gallery_pictures` (`fileName`,`caption`) VALUES ('0','$photo_caption')";
$result = @mysql_query($sql);
I agree with @DCoder about the need for a modern replacement.
As written in the other posts, PHP has a built-in function that can be used for this purpose, but it is better to use parameterized queries.
$sql = "INSERT into `gallery_pictures` (`fileName`,`caption`) VALUES ('0',\"$photo_caption\")";
$result = @mysql_query($sql);
How about this?
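The parameterized-query approach mentioned in the answers, as an added example that is not part of any of the original posts: the same INSERT through PDO with bound values, so apostrophes and double quotes in the caption never become part of the SQL text. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the function name `add_picture` is hypothetical, and the sample captions are constructed (the first one from the error message in the question).

```php
<?php
// Added example. Assumption: SQLite in memory replaces the MySQL server;
// for MySQL only the DSN passed to the PDO constructor changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `gallery_pictures` (`fileName` TEXT, `caption` TEXT)');

// Hypothetical helper: the SQL text is constant, the values travel separately.
function add_picture(PDO $pdo, string $fileName, string $caption): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO `gallery_pictures` (`fileName`, `caption`)
         VALUES (:fileName, :caption)'
    );
    $stmt->execute([':fileName' => $fileName, ':caption' => $caption]);
}

// Constructed captions: apostrophes, double quotes, and a backslash.
$captions = [
    "'DJ Broski, DJ CJ and Wendy; Looking Chill'",
    'Wendy said "hi" and it\'s all good',
    'Back\\slash and a trailing quote\'',
];

foreach ($captions as $photo_caption) {
    // In the original script this value would come from $_POST.
    add_picture($pdo, '0', $photo_caption);
}

// Read the rows back and confirm each caption was stored byte for byte.
$stored = $pdo
    ->query('SELECT `caption` FROM `gallery_pictures` ORDER BY rowid')
    ->fetchAll(PDO::FETCH_COLUMN);

foreach ($stored as $i => $caption) {
    echo ($caption === $captions[$i] ? 'ok   ' : 'DIFF ') . $caption . PHP_EOL;
}
var_dump($stored === $captions);
```

Swapping the single quotes around `$photo_caption` for double quotes only moves the failure to captions that contain a double quote, as the second sample does; binding the value handles both.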