Sloan,
The problem with your response is that it is translated by the page that shows the sample code. No one saw the & # 39 all together, because their browsers translated it to '.
Another fix is to replace apostrophes with ''. '' is translated to ' by the majority of SQL-based databases.
Try this:
$strSample = str_replace("'", "''", $strSample);
Sloan Kelly wrote:
There is a really simple way to fix this problem: before you write any of your variables to the database, replace them with HTML entities using ereg_replace(), like so:
$description = ereg_replace("'", "'", $description);
$description = ereg_replace("\"", """, $description);
This means that the quotes will be preserved in HTML, including text boxes, and the SQL insert/update won't go haywire.
It also means that you don't have to un-encode the string when you return it from the database.
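The two approaches in this thread, next to a bound parameter, as an added example that is not part of either post. It assumes PHP with the pdo_sqlite extension; the `items` table and the sample string are constructed for illustration.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, description TEXT)');

// Constructed input containing both an apostrophe and a double quote.
$strSample = 'Sloan\'s 6" ruler';

// Row 1: quote doubling, as in the reply. Inside a SQL string literal,
// '' is read back as a single ', so the original text is stored.
$doubled = str_replace("'", "''", $strSample);
$pdo->exec("INSERT INTO items (description) VALUES ('$doubled')");

// Row 2: bound parameter. The value is sent separately from the SQL text,
// so no quote handling is needed and the original text is stored.
$stmt = $pdo->prepare('INSERT INTO items (description) VALUES (:d)');
$stmt->execute([':d' => $strSample]);

// Row 3: entity-encoding before the write, as in the quoted post.
// The column now holds HTML markup rather than the text the user typed.
$encoded = htmlspecialchars($strSample, ENT_QUOTES, 'UTF-8');
$stmt->execute([':d' => $encoded]);

// Compare what each approach actually stored.
foreach ($pdo->query('SELECT id, description FROM items ORDER BY id') as $row) {
    printf("row %d  length %2d  %s\n",
        $row['id'], strlen($row['description']), $row['description']);
}

// Encoding for HTML at output time keeps the stored value usable for
// non-HTML consumers (exports, e-mail, length checks, searches).
$stored = $pdo->query('SELECT description FROM items WHERE id = 2')->fetchColumn();
echo '<input type="text" value="',
     htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), '">', "\n";
```

Rows 1 and 2 hold the same 16-character string, while row 3 is longer because the entities themselves were stored.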