what does your query look like? as in INSERT INTO table etc etc

You probably need to add the function addslashes when adding the values to the database:

INSERT INTO dada VALUES ('". addslashes($value) ."');

I think this should solve it.

Habtom

my Query Looks like

$sql = "INSERT INTO bidrequests (buyers, categories, description) VALUES ('$username', '$category', '$description');

Where Description is the Rtf value

$sql = "INSERT INTO bidrequests (buyers, categories, description) VALUES ('$username', '$category', '".mysql_real_escape_string [uk.php.net]($description)."');

dc

It Does Not Work

'".mysql_real_escape_string($description)."');

Not Even

'". addslashes($value) ."'

htmlentities($description)?

Nah, htmlentities is also not working

mysql_real_escape_string should be fine. Have you used mysql_error() on your query to see if there is another problem?

dc

try something like

$var = //Previous $description code
$description = mysql_real_escape_string($var);

then refer to $description normally as you did in your query above

Its nOt Working Too

My Code looks like this after your bode mysql_real_escape_string

$old_desc = $_POST['description'];
$description = mysql_real_escape_string($old_desc);
//-----------------------------------------
$sql = "INSERT INTO bidrequests (buyer, max_accepted, deadline, bid_type, bid_title, bid_body, attached_files, bid_status, starting_date, ending_date, platform, delieverables, parent, visible, project_type, category) VALUES ('$userisbuyer', '$maxbid', '$deadline', '$bidtype', '$title', '$description', '$attachedfilevar', '2', '$biddingstart', '$biddingclose', '$platform', '$delieverables', '$category', '0', '$projecttype', '$cate')";

$res=mysql_query($sql);

if ($res) {

And My Other Functions Goes On and On, But still the problem is Not Solved, Any One Please?

You could try replacing each instance of that character with an escaped equivalent:

$description = str_replace('"','\\"',$old_desc);
// Uses \ to escape for mySQL.

$description = str_replace('"','\'"',$old_desc);
// Uses ' to escape like most other databases, should also work in mySQL.

These are untested so I can't be for sure they'll work, but if escaping that double quote is your problem they should do it.

-DR-

Not Working Again,
I Tried to Submit Form using this value on Textbox

sfd d df "123445" sdfsdf

and on my Database it looks like

sfd d df \

?/

Dump the value of the field to your browser and then dump the sql statement to your browser. I'm guessing it may have something to do with magic_quotes but by seeing the data at each stage in the process you can determine where your issue lies.

$old_desc = $_POST['description']; 
$description = mysql_real_escape_string($old_desc); 
//----------------------------------------- 
$sql = "..."; 
// Dump info to browser and exit: 
print '<pre>'; 
print htmlentities($_POST['description']) . "\n"; 
print htmlentities($old_desc) . "\n"; 
print htmlentities($description) . "\n"; 
print htmlentities($sql) . "\n"; 
print '<pre>'; 
exit [php.net]; 
// End of browser dump 
$res=mysql_query($sql);

Thanks For your Help
i Solved this with something else

Now my values looks like

Enter Value:

Hi There" I Am Um3r", Bye

After My Code it Looks like

Hi There \"I am Um3r\", Bye

Thanks For all your help, Really Appreciated

What was it, if you don't mind sharing?