
SQL/DB Error using ' in form textarea

Discussion in 'Databases' started by medialab, Jul 26, 2015.

  1. #1
    Hey Everyone,

    I am new to PHP and MySQL, everything in my form is working great however when I include a ' in any sentence such as "here's", I get an error.

    I assume it has something to do with insert but any help would be greatly appreciated!!
    Last edited: Jul 27, 2015
    medialab, Jul 26, 2015
  2. PoPSiCLe

    #2
    Oh.My.God.
    Okay, I've no idea what kind of classes you're using for db-inserts, but there HAS to be a way to make this into a prepared statement. You NEVER, EVER use user-input ($_POST, $_GET) directly in a query - that is just BEGGING for exploits.

    If the classes you're using don't have a way of doing prepared statements, or are using mysql_ (not mysqli_ or PDO), then scrap them and start over.

    Since you're saying nothing about where those classes come from, I'm guessing it's part of some sort of backend for a store of some sort, or something similar? Do you have a name for the script?
    PoPSiCLe, Jul 27, 2015
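To make the point above concrete, here is an added example (not medialab's code, and not from any script the thread names) of a textarea handler written both ways: the string-interpolation form that breaks on "here's", and the prepared-statement form with PDO and with mysqli. The table `comments(body)`, the form field `comment`, the DSN and the credentials are all assumed.

```php
<?php
// Added example: storing a textarea field "comment" in an assumed table
// comments(body). Names, DSN and credentials are placeholders.

// BEFORE: $_POST pasted straight into the SQL text. A value like "here's"
// closes the string literal early, so MySQL reports a syntax error; the
// same mechanism lets a crafted value change what the query does.
function insert_comment_unsafe(mysqli $db, string $comment): bool
{
    $sql = "INSERT INTO comments (body) VALUES ('$comment')";
    return $db->query($sql) !== false;   // fails on "here's"
}

// AFTER (PDO): the SQL text goes to the server with a placeholder and the
// value is bound separately, so a quote inside it is data, never syntax.
function insert_comment_pdo(PDO $db, string $comment): bool
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    return $stmt->execute([':body' => $comment]);
}

// AFTER (mysqli): the same idea with bind_param; 's' marks a string value.
function insert_comment_mysqli(mysqli $db, string $comment): bool
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (?)');
    $stmt->bind_param('s', $comment);
    return $stmt->execute();
}

// Connection: throw on errors (so a failed insert is not silently ignored)
// and let the MySQL server do the binding rather than the PHP driver.
$pdo = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4', // assumed DSN
    'app_user', 'placeholder-password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $comment = $_POST['comment'] ?? '';
    if (insert_comment_pdo($pdo, $comment)) {
        // Escape on output as well, so the stored text cannot inject HTML.
        echo 'Saved: ' . htmlspecialchars($comment, ENT_QUOTES, 'UTF-8');
    }
}
```

Submitting a body containing "here's" succeeds with either prepared form and stores the apostrophe unchanged, with no escaping call needed.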