Problem with a mysql php string query

Forum Moderators: coopster

Message Too Old, No Replies

Problem with a mysql php string query

Mainly a problem with the ' character.

screwfacecapone

2:31 pm on Oct 14, 2005 (gmt 0)

I'm new to the forums, so If I'm posting this in the wron g place, I apologize before hand. I'm having a problem with a php code I'm working on.

$message = $_REQUEST['message'];

I get the message via an HTML form. The MYSQL query inputs the $message into my database table. It works fine, but when I make a message using the " ' " character, I get a syntax error.

Elijah

2:45 pm on Oct 14, 2005 (gmt 0)

Welcome to WebmasterWorld, screwfacecapone!

Using the addslashes() function should solve your problem:


$message = addslashes($_REQUEST['message']);

jatar_k

3:03 pm on Oct 14, 2005 (gmt 0)

Welcome to WebmasterWorld screwfacecapone,

yes addslashes is one option but there are functions made specifically for escaping data to be inserted into mysql. You should use this one

mysql_real_escape_string() [php.net]

Another thing we should cover is not using $_REQUEST. I am guessing that the message var is posted to the script therefore you should use $_POST instead. There are security issues with using $_REQUEST.

screwfacecapone

3:04 pm on Oct 14, 2005 (gmt 0)

It does. Thanks a million.