Hey Everyone, I am new to PHP and MySQL, everything in my form is working great however when I include a ' in any sentence such as "here's", I get an error. I assume it has something to do with insert but any help would be greatly appreciated!!
Oh.My.God. Okay, I've no idea what kind of classes you're using for db-inserts, but there HAS to be a way to make this into a prepared statement. You NEVER, EVER use user-input ($_POST, $_GET) directly in a query - that is just BEGGING for exploits. If the classes you're using doesn't have a way for doing prepared statements, or is using mysql_ (not mysqli_ or PDO), then scrap it and start over. Since you're saying nothing about where those classes come from, I'm guessing it's part of some sort of backend for a store of some sort, or something similar? Do you have a name for the script?