I have a form which send info to my mysql database. (Using PHP.)?

[eliyahu_s]

The probelm is if I include an apostrophe ' in the form. Then mysql interprets it as an escape sequence, so instead of sending it's a day it think it's 'it'
Are there any elegant solutions? Do I have to a string replace on every form?

 

[chillininvt]

The smartest thing to do is to set up a function that will clean the form inputs. Typically mysql_real_escape_string() will escape the quotes. However if you are still having problems than I would try using htmlentities() to decode the quotes and other special characters into html entity equivelents. This will reduce the risk of someone hacking the application.