I have a form that get submitted to a php page before the values are added to the database. A sample of the beginning of the php page looks like:
// Define post fields into simple variables
$text = $_POST['text'];
$message = $_POST['message'];
/* Strip some slashes in case the user entered any escaped characters. */
$text = stripslashes($text);
$message = stripslashes($message);
You get the idea. Later on in the page error checking on the form posted fields are called (for empty fields), the information is sent to the database, an email with the info is sent, etc.
Here's the problem. If the user types an apostrophe, the information is not submitted and the user gets the error, "You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '....". After doing a little research, I read that I had to check my magic quotes. I found this:
magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
I am on a shared server and do not have access to server settings.
What do I need to do to allow a user to enter an apostrophe in a text box or textarea? The strange thing is I don't think I get the error when quotes are entered.
As the information is added to an email, I don't want slashes to be added before every apostrophe.
Thank you so much!