I have a form in which I type some text. When I press submit it should insert all the data into an SQL table. Everything works perfectly until I write a ' character (apostrophe). The interesting thing is that in IE apostrophe + text = display; apostrophe only (without any text) = works.
In Firefox in both cases it doesn't work.
I've tried to change the SQL query with other characters (like " "). And I've tried to put the $_POST['message'] in htmlspecialchars but nothing worked.
Here is the code:
.....
$message = $_POST["message"];
$sendcomment = mysql_query("INSERT INTO abc SET topicid='$qstid2', name='$name', email='$email', post='$message', date='$date'");
if ($sendcomment) {
    require("html/ok_answer.html");
    echo "<meta http-equiv='refresh' content='2;URL=$qsturl'>";
} else {
    echo "There was an error with the submission. ";
}
....
Appreciate any help. Thx in advance.
...... apostrophe + text= display error; ....
Thanks Alex. Real escape worked perfectly.
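Escaping the value ("real escape" in the thread) makes the apostrophe safe inside the query string; a parameterized query removes the quoting problem altogether. The following is an added example, not code from the thread: it assumes PDO with an in-memory SQLite database standing in for the MySQL table abc, constructed sample input in place of $_POST, and the portable VALUES form instead of MySQL's INSERT ... SET.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for the MySQL
// table "abc"; the sample input below is constructed, not taken from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE abc (topicid INTEGER, name TEXT, email TEXT, post TEXT, date TEXT)');

$qstid2  = 7;
$name    = "O'Brien";
$email   = 'obrien@example.com';
$message = "It's broken";          // apostrophe + text, the failing case
$date    = date('Y-m-d H:i:s');

// 1) String-built query, as in the post: the apostrophe closes the SQL string
//    literal early, so the statement no longer parses (and is injectable).
try {
    $db->exec("INSERT INTO abc (topicid, name, email, post, date)
               VALUES ('$qstid2', '$name', '$email', '$message', '$date')");
    echo "string-built: inserted\n";
} catch (PDOException $e) {
    echo "string-built: rejected (", $e->getMessage(), ")\n";
}

// 2) Prepared statement: values travel separately from the SQL text, so
//    quotes in the input are stored as data and need no escaping.
$stmt = $db->prepare('INSERT INTO abc (topicid, name, email, post, date)
                      VALUES (:topicid, :name, :email, :post, :date)');
$ok = $stmt->execute([
    ':topicid' => $qstid2,
    ':name'    => $name,
    ':email'   => $email,
    ':post'    => $message,
    ':date'    => $date,
]);
echo $ok ? "prepared: inserted\n" : "prepared: failed\n";

// 3) HTML-encode only when printing the stored text into a page.
//    htmlspecialchars() is an output encoder, not an SQL escape.
foreach ($db->query('SELECT name, post FROM abc') as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['post'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Against MySQL only the DSN changes (a mysql: DSN, ideally with charset=utf8mb4); the prepare/execute calls stay the same.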