Forum Moderators: coopster
Got a problem with a mysql query in php. The query
$present=$DB_site->query_first("SELECT bla FROM titles WHERE title='$something'");
returns an error when $something contains a '
How can I solve this?
Thx,
Turbo
$present=$DB_site->query_first("SELECT bla FROM titles WHERE title='".mysql_real_escape_string(trim($something))."'");
if you dont sanitise user input, you are vunarable to SQL injection ( [google.nl...] )
;)
