Hey everyone, This problem has been baffling me for a little bit now. It's to do with MySQL and apostrophes. Currently I have: <?php include '../config.php'; mysql_connect("$host", "$user", "$pass") or die(mysql_error()); mysql_select_db("$dbname") or die(mysql_error()); $title = $_POST['title']; $news = $_POST['edited']; $news = str_replace("<br>", "<br />", $news); $date = date("D j M Y"); mysql_query("INSERT INTO news (title, contents, date) VALUES ('$title', '$news', '$date')") or die(mysql_error()); echo ("Done <a href='index.php'>Click Here</a> to go back to admin area") ?> PHP: and if any of the variables was to have an apostrophe (') then it generates an error on the query line. Does anyone have any ideas how I can sort this out? Thanks
For the problem you asked about you need to escape those characters: http://us3.php.net/manual/en/function.mysql-real-escape-string.php For the problem you didn't ask about, you need to validate your data: http://www.google.com/search?q=data+validation (never trust end users nor their data)
Try mysql_real_escape_string() http://php.net/manual/en/function.mysql-real-escape-string.php This should work for you.