You can try add use the addslashes function. In your example, if you have a string for
$y:
$y = addslashes($y);
$sql = "INSERT INTO x(y) VALUES ('$y')";
See if that does the trick.
mecawilson wrote:
Looks like my PHP form is bombing out when a ' or " is used... and it looks like I need an addslashes func - but I'm stuck on where to put it. W/in the sql command?
Also - is there a php func I can use to notifying if the db doens't take the input - or should I just write to a file?
Thank you very much in advance-
Matt
<?php
if ($submit) {
// process form
if(!$value){
$error = "Missing X";
}
else{
$db = mysql_connect("db", "name", "pass");
mysql_select_db("dbname",$db);
$sql = "INSERT INTO x(y) VALUES ('$y)";
$result = mysql_query($sql);
echo "Thanks";
}
}
if (!$submit || $error) {
echo $error;
?>
