hello. I just recently learned this code:
Code:
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
PHP Code:
<?php//connect to the databaseif (! @mysql_connect('localhost', 'username', 'password')) {die ('for some reason you cannot connect to the database');}//select the jokes tableif (! @mysql_select_db('jokes')) {die ("you can't find the jokes table" );}//create a mysql queryif (isset($_POST['submitjoke'])) {$joketext = $_POST['joketext'];$sql = "INSERT INTO jokes SETJokeText='$joketext',JokeDate=CURDATE()";if (@mysql_query($sql)) {echo('<P>your joke has been added!</P>');}else {echo ('<P>Error in submitting joke:' . mysql_error() . '</P>');}}?>
<form action="
PHP Code:
<?$_SERVER['PHP_SELF']?>
" method="post">
Please submit a joke: <BR>
<textarea cols="40" rows="10" name="joketext" wrap></textarea> <BR>
<input type="submit" value="submit" name="submitjoke">
</form>
</BODY>
</HTML>
every thing seems fine except when I submit anything in the textarea box with a apostrope. For example If I submit:I get this error:
Error in submitting joke:You have an error in your SQL syntax near 's there?', JokeDate=CURDATE()' at line 2
when I don't use the apostrophe:
knock knock. whos there.
everything comes out fine. How do I allow people to use that apostrophe in the textarea box without getting this error?
Bookmarks