By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,442 Members | 1,485 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,442 IT Pros & Developers. It's quick & easy.

Insert textarea datas in mysql, with " or '....

P: n/a
I've a textarea and would like to save the content in a mysql table each
time a user click on a form.

How can I do for avoiding error when the user put a " or a ' in the message,
or any other character that may cause problems.

My query is:
"insert into questions(UserID,Question) values
(".$HTTP_POST_VARS["USERID"].",'".$HTTP_POST_VARS["QUESTION"]."')"

The problem is with QUESTION, that may have a ' in it, or ".

Bob
Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
"insert into questions(UserID,Question) values
(".$HTTP_POST_VARS["USERID"].",'".mysql_escape_string($HTTP_POST_VARS["QUESTION"])."')"

this will work for single quotes and double quotes, but not for
`backquotes`. Most of the time I think people just shouldn't insert
backquotes :) So I normally just replace backquotes with single quotes
and the problem is solved:

"insert into questions(UserID,Question) values
(".$HTTP_POST_VARS["USERID"].",'".mysql_escape_string(str_replace("`","'",$HTT P_POST_VARS["QUESTION"]))."')"

not tested but should work :)
Bob Bedford wrote:
I've a textarea and would like to save the content in a mysql table each
time a user click on a form.

How can I do for avoiding error when the user put a " or a ' in the
message, or any other character that may cause problems.

My query is:
"insert into questions(UserID,Question) values
(".$HTTP_POST_VARS["USERID"].",'".$HTTP_POST_VARS["QUESTION"]."')"

The problem is with QUESTION, that may have a ' in it, or ".

Bob

Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.