replacing &quot; and ' in mysql

replacing " and ' in mysql

bigred

Hi Guys,
I've got this problem which you may be able to solve.

When people add information to my database through a form, if they use " or ' it creates an error in the insert query.

To get rid of the " I'm using
$variable = HTMLSpecialChars($variable);
this changes the " to "
however this command can't be used to replace the ' symbol

This is obviously a security problem and besides that it breaks the insert query off and thereby creating an eror. Any ideas to best solve this problem?

Thanx in advance,
Big Red

bigred

Anyway I figured out my own workaround.
Call this file test.php

<form action=test.php>
<input type=text size=30 name=text><input type=submit>
<?php
function clean_code($code)
{
$code = HTMLSpecialChars($code); replace all special symbols with html equivelant ie " becomes "
$code = strip_tags($code); // remove HTML/PHP tags such as < > just in case
$code = stripslashes($code); // strip all the slashes / from the code
$code = str_replace("'",""", $code); // replace the ' symbol with e.g. "
return trim($code); // return the new code without trailing whitespaces
}

$text = clean_code($text);

echo "$text";
?>
</form>

basically this function removes many possible input errors and security issues.