Bascially I use addslashes so I can use " and ' and all that stuff I shouldn't use. But when trying to do something like Chris's House, it displays Chris. But using " " works
function insert($field_names,$field_data,$tablename)
{
//pre: $field_names and $field_data are pararell arrays and $tablename is a string.
//post: creates a query then executes it.
$query = "INSERT INTO $tablename ($field_names[0]";
for($k=1;$k< count($field_names);$k++)
{
$query.=', '."$field_names[$k]";
}
$field_data[0] = addslashes($field_data[0]);
$query.=") VALUES (\"$field_data[0]\"";
for($k=1;$k< count($field_data);$k++)
{
$field_data[$k] = addslashes($field_data[$k]);
$query.=', '."\"$field_data[$k]\"";
}
$query.=')';
mysql_query($query,$this->conn);
echo "<center><b>You have succesfully added this to your $tablename</b></center><br>";
echo '<center><table width=350 border=1>';
for($k=0;$k<count($field_names);$k++)
{
//certain fields I do not want displayed.
if($field_names[$k]!="password")
{
$field_data[$k] = stripslashes($field_data[$k]);
echo "<tr><td>$field_names[$k]".': </td>'."<td>$field_data[$k]</td></tr>\n";
}
else
{
echo "<tr><td>$field_names[$k]".': </td>'."<td>******* (encrypted)</td></tr>\n";
}
}
echo '</table></center>';
}
