or, more appropriately, use the database-specific escape function...

for mysql:
http://www.php.net/manual/en/function.mysql-escape-string.php
http://www.php.net/manual/en/function.mysql-real-escape-string.php

--
Scott Hurring
Systems Programmer
EAC Corporation
scott (*) eac.com
--
"Martin Clifford" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
Use addslashes() on ALL strings before inserting them into your database.  Then,
on your frontend, extract the data and use stripslashes() on all strings.

Hope to help!

Martin Clifford
Homepage: http://www.completesource.net
Developer's Forums: http://www.completesource.net/forums/


>>> "Anil Garg" <[EMAIL PROTECTED]> 07/12/02 10:45AM >>>
Hi,
I am making a faq maintenance system using mysql and php.
To insert an entry into a faq table I am using the following query:
---------
INSERT INTO faq_table_netvd (id,question,
answer,netvcr,netdetector,add_date,mod_date,keyword,category,display,attach_id)
 VALUES ('0','$frm[question]',
'$frm[answer]','$frm[netvcr]','$frm[netdetector]','$frm[add_date]','$frm[mod_date]','$frm[keyword]','$frm[category]','$frm[display]','$frm[attach_id]')
 ");
-----------
Now the problem is when $frm[question] has some string like: "why i can't
eat".
I get the following error:
MySQL Error: You have an error in your SQL syntax near 't eat?' ,answer =
'Please recheck the power of your specs:)' ' at line 3.
Putting a '\' before ' (e.g. \') solves my problem... but when I open the same
question to edit it, again I have to put backslashes wherever I find " ' " in
the question or answer.

Can anyone please suggest a solution to this.

thanx and regards

anil

[please ask if I haven't explained the problem fully]



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
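
Added example, not part of the thread: the failure described in the question and a fix using bound parameters, which replace hand escaping so the stored text needs no stripslashes() when it is read back for editing. It uses PDO rather than the mysql_* functions linked above (those were removed in PHP 7), with an in-memory SQLite database standing in for MySQL so it runs offline; the two-column table, the sample input and the function names are assumptions made for the example.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; table trimmed to two columns.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE faq_table_netvd (
    id INTEGER PRIMARY KEY AUTOINCREMENT, question TEXT, answer TEXT)');

// Constructed form input containing the apostrophe from the question.
$frm = [
    'question' => "why i can't eat?",
    'answer'   => 'Please recheck the power of your specs:)',
];

// Interpolating the raw value: the apostrophe closes the SQL string literal early.
function insert_interpolated(PDO $db, array $frm): string
{
    $sql = "INSERT INTO faq_table_netvd (question, answer)
            VALUES ('$frm[question]', '$frm[answer]')";
    try {
        $db->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Bound parameters: the value travels separately from the SQL text, so nothing
// is escaped by hand and no backslashes end up in the stored row.
function insert_bound(PDO $db, array $frm): int
{
    $stmt = $db->prepare(
        'INSERT INTO faq_table_netvd (question, answer) VALUES (:question, :answer)');
    $stmt->execute([':question' => $frm['question'], ':answer' => $frm['answer']]);
    return (int) $db->lastInsertId();
}

function load_question(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT question FROM faq_table_netvd WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

echo insert_interpolated($db, $frm), "\n";
$id = insert_bound($db, $frm);
$stored = load_question($db, $id);
echo ($stored === $frm['question'] ? 'round trip intact' : 'round trip changed'), "\n";
// The edit form needs HTML encoding of the stored text, not SQL slashes.
echo '<input name="question" value="', htmlspecialchars($stored, ENT_QUOTES), '">', "\n";
```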




