use mysql_escape_string.
http://us3.php.net/manual/en/function.mysql-escape-string.php
Jon
Ron Piggott wrote:
I have begun to create a Christian Ministry Directory. It is on the ministry web site I am building at http://www.actsministries.org/ministrydirectory/ .
One of the problems I am now having is if the user types an ' into their entry --- these ones do not get saved into the mySQL database.
The line of code that inserts into the mySQL database matches the web site fields ---
INSERT INTO ministrydirectory VALUES ('$ministry_name', '$address_line_1', '$address_line_2', '$city', '$province_state_county', '$country', '$postal_zip_code', '$phone', '$fax', '$web_site', '$e_mail', '$date_updated')";
I can look at this and understand that if an ' is keyed why it wouldn't save and that line would create an error --- How do you work around this?
Ron
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
