Mysql problem with apostrophe and line break

Discussion in 'PHP' started by baris22, May 26, 2007.

0
  1. #1
    When I try to insert a sentence with an apostrophe or line break to the database I get an error.

    

{
	$sql_query = "INSERT INTO `filedetails` (`type`,`title` , `description` , `links` ) 
										  VALUES ('$chosenFileType','$title','$description','$linksCollection')";
	
	$query_result = mysql_query($sql_query) or die(mysql_error());

}
    PHP:
    this is the code for inserting into the database.

    What can I do to solve this problem?


    Thanks all.
     
    baris22, May 26, 2007 IP
  2. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #2
    nico_swd, May 26, 2007 IP
  3. projectshifter

    projectshifter Peon

    Messages:
    394
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Seconded. You will probably find a lot of things that say addslashes(), but mysql_real_escape_string() catches a couple of things that mysql will convert to apostrophes and mess your stuff up. Also in reverse, when you pull this data out of the database, stripslashes() should be used so it gets rid of all the extra stuff.
     
    projectshifter, May 26, 2007 IP
  4. manilodisan

    manilodisan Peon

    Messages:
    224
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #4
    The green victim of an sql injection :p
     
    manilodisan, May 26, 2007 IP