I have a form which asks for information such as a name, which could have a single quote in it. When I insert it into a MySQL database the query fails because the field hasn't been escaped. Is there a function or an easy way to check an entry from a form for items like single quotes which cause database entry errors?
You can use the following functions to get rid of this: stripslashes() and addcslashes(). For the manual, visit: http://in.php.net/addslashes Hope this helps...
...or sanitise the input before doing the insert: http://www.eire-webdesign.ie/blog/2007/11/01/sanitize-input-from-forms-or-database/ There is a nice little function that I created and that might help.
Funny, just posted this function in another topic. Cleans arrays and strings. One thing, you need to be connected to MySQL or you'll get some funky errors.

```php
<?php
// Escapes a string, or every value of a flat array, for use in a MySQL query.
// mysql_real_escape_string() needs an open connection from the old mysql
// extension; that extension was removed in PHP 7.0, where this code falls
// through to addslashes().
function clean($string)
{
    if (is_array($string)) {
        // Escape each element in place, keeping the original keys.
        foreach ($string as $key => $value) {
            if (function_exists('mysql_real_escape_string')) {
                $string[$key] = mysql_real_escape_string($value);
            } else {
                $string[$key] = addslashes($value);
            }
        }
    } elseif (is_string($string)) {
        if (function_exists('mysql_real_escape_string')) {
            $string = mysql_real_escape_string($string);
        } else {
            $string = addslashes($string);
        }
    }
    // Any other type is returned unchanged.
    return $string;
}
```

To call it, simply do the following:

```php
// as an array
$array = array('one', 'two', 'three');
$array = clean($array);

// as a string
$string = 'hello, world!';
$string = clean($string);
```

Have fun.
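
The single-quote problem from the question, handled with bound parameters rather than escaping. This is an added example, not code from any post in this thread; it assumes PDO with the SQLite driver (an in-memory database so it runs offline), and the `people` table, `add_person()`, `get_name()` and the sample names are hypothetical.

```php
<?php
// Added example: bound parameters instead of hand-escaping form input.
// Assumption: PDO + SQLite in memory so the script runs without a server.
// For MySQL only the DSN changes, e.g. (hypothetical values)
// 'mysql:host=localhost;dbname=app;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With MySQL, also let the server do the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Validates the form value, then inserts it as data. The SQL text is fixed;
// the name travels separately and is never spliced into the statement.
function add_person(PDO $pdo, string $name): int
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('name must be 1-100 bytes');
    }
    $stmt = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

// Reads the stored value back, again through a bound parameter.
function get_name(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT name FROM people WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed sample input: quotes and a backslash, as a form might submit.
$samples = ["O'Brien", 'Anne "Annie" D\'Arcy', 'back\\slash'];
foreach ($samples as $input) {
    $id = add_person($pdo, $input);
    $stored = get_name($pdo, $id);
    // A bound value must come back byte-for-byte identical.
    printf("%-22s stored %s\n", $input, $stored === $input ? 'unchanged' : 'ALTERED');
}
```

Because the value is bound, no slashes are added on the way in, so nothing needs stripping on the way out.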