brainbug Posted April 15, 2011 Share Posted April 15, 2011 I have a form in which there is a textarea box and when we type the single quotation mark (or apostrophe)--whatever that is called ('), and submit, the PHP reports an error. The data entered will be later stored in a VARCHAR field in a mysql table.The text I entered is: Finally, when we have created the cables, I can't connect.The error I get is:Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'internet', '122.167.9.255')' at line 2What is the problem and the possble solution? Thanks. Link to comment Share on other sites More sharing options...
thescientist Posted April 15, 2011 Share Posted April 15, 2011 it's helpful to actually provide code, but from the sounds of it, you're not escaping your form inputs before putting them into your queries/database.http://php.net/manual/en/function.mysql-re...cape-string.php^ is the very least you should be doing to sanitize form inputs before using them in a query. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.