Jasper Bryant-Greene wrote:
George B wrote:
Jasper Bryant-Greene wrote:
George B wrote:
I made a script that posts data into a database but it has a problem
whenever I enter a ' or a ". How do I bypass this problem?
If it is MySQL, use mysql_real_escape_string() [1]. If any other
database, have a look in the PHP manual [2] for the relevant
function, or as a last resort use addslashes().
Jasper
[1] http://www.php.net/mysql_real_escape_string
[2] http://www.php.net/docs.php
Where do I put the code in?
Example:
$value = mysql_real_escape_string($_POST['value']);
$results = mysql_query("SELECT * FROM sometable WHERE field='$value'");
Jasper
THANKS!! it works!!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php