Posted by George B on 08/24/05 08:54
Jasper Bryant-Greene wrote:
> George B wrote:
>
>> Jasper Bryant-Greene wrote:
>>
>>> George B wrote:
>>>
>>>> I made a script that posts data into a database but it has a problem
>>>> whenever I enter a ' or a ". How do I bypass this problem?
>>>
>>>
>>> If it is MySQL, use mysql_real_escape_string() [1]. If any other
>>> database, have a look in the PHP manual [2] for the relevant
>>> function, or as a last resort use addslashes().
>>>
>>> Jasper
>>>
>>> [1] http://www.php.net/mysql_real_escape_string
>>> [2] http://www.php.net/docs.php
>>
>>
>> Where do I put the code in?
>>
>
> Example:
>
> $value = mysql_real_escape_string($_POST['value']);
> $results = mysql_query("SELECT * FROM sometable WHERE field='$value'");
>
> Jasper
THANKS!! it works!!
[Back to original message]
|