Check before inserting into database

jshowe

Does anyone know a good way to be sure that the . ' ? and other characters don't mess things up? Changing them to Unicode or simply \ them out?

Stressed

Originally posted by jshowe
Does anyone know a good way to be sure that the . ' ? and other characters don't mess things up? Changing them to Unicode or simply \ them out?

There is a function called mysql_escape_string I believe if you are using the standard mysql functions, and you could also use the functions in the pear DB object if you are using pear.

Andy

jshowe

I don't think I explained what I was trying to do well enough. I am making a content managment system and the users are entering data into a form. The form variable (lets say $content) contains full sentences including apostrophes... it's messing up the INSERT (content) values ('$content'); Any easy ways to fix that?

mhalloran

addslashes should do the trick:

$sql = "INSERT INTO table_name (content) values ('".addslashes($content)."')";

jshowe

Thank you both for your help. mysql_real_escape_string is the new form of mysql_escape_string. The escape string did the trick.