posting " ' ' mess up my database entry

**code green** · Jul 28 '08, 08:35 AM

Use mysql_real_esca pe_string

**webandwe** · Jul 28 '08, 08:55 AM

Originally posted by code green

Use mysql_real_esca pe_string

Thanks, I'll use this next time as I already build the database and can't change it now. But I've I know it would have done that I would have started using mysql escape. But next time I'm using it.

I however made us of the following

I changes

$a21=$_POST['gps'];

$a21=htmlspecia lchars("$_POST[gps]", ENT_QUOTES);

just for the poeple who work with 1 field.

**code green** · Jul 28 '08, 02:29 PM

[PHP]$a21=htmlspecia lchars("$_POST[gps]", ENT_QUOTES);[/PHP]This strips out HTML tags.
Your stated problem was MySql unfriendly characters being inserted into the database.
Why not do this [PHP]$a21=mysql_real _escape_string( htmlspecialchar s("$_POST[gps]", ENT_QUOTES));
query = "INSERT INTO information VALUES ('','$a1','$a2' ,...[/PHP]

**Atli** · Jul 28 '08, 08:26 PM

Simply using the mysql_real_espa ce_string function should do fine.
[code=php]
$a1 = mysql_real_espa ce_string($_GET['var'], $dbConnection);
$sql = "INSERT INTO tbl VALUES('$a1')";
[/code]
That should escape any characters that would mess up the query so that it can be safely executed.

P.S. If you plan on using this data for anything other than showing it in a HTML page, then using the htmlentities() function is a very bad idea. It will basically convert any character that can be converted to HTML characters, which will make the data unusable for any other purpose.

posting " ' ' mess up my database entry

posting " ' ' mess up my database entry

Comment

Comment

Comment

Comment