Apostrophe crashing PHP Form Script

gc40

When I try to update a php script that writes my form entries to the database it fails. It usually works, however, when I use the ' apostrophe, it crashes.

What must I add to my code to allow the ' or ` symbol to be ignored and not crash the system?

YAOMK

escape them using a back-slash like \'

gc40

Yea, but how do i correct the code to ignore the ' symbol?

YAOMK

show us an example of your code.

essentially an echo statement would look like this:

echo " Martha Stewart\'s cookie recipe";

gc40

Dude... lol...

Its an SQL update script. I am using a form so the person actually updates information via a web browser using a form with textareas and input fields... They then press submit and its submits it to the database.

I am having a problem where the user is entering the ' symbol in the form textarea and submitting it, but it crashes. Get it now?

YAOMK

sure, try using real_escape_string() to escape your users input before you submit to your database.

YAOMK

or even better: mysql_real_escape_string().

gc40

I went with addslashes

http://in.php.net/manual/en/function.addslashes.php

YAOMK

mysql_real_escape_string() would be a better choice.

Form the Php Manual:

Using mysql_real_escape_string() around each variable prevents SQL Injection. This example demonstrates the "best practice" method for querying a database, independent of the Magic Quotes setting.

NogDog

In order of preference:

Use prepared statements.
Use the escape function specific to the DBMS being used if there is one, e.g. mysql_real_escape_string() if using MySQL (or create your own if you know what you're doing).
Use a generic function like addslashes()