$sql = "INSERT INTO Jokes SET
JokeText='$joketext',
JokeDate=CURDATE()";
This is an example I pasted from the SitePoint PHP/MySQL manual.
If $joketext contains a ', for example $joketext="ab'cd",
then when the insert query is applied MySQL will recognise the ' after the b as the closing ' of that line and an error will be returned.
I need a way to get around that somehow.
Thanks.
The interesting thing is that when a variable $_gets a string that is read from a database, this error does not occur. I'll give an example for this last sentence:
I have a form where one of the fields is a dropdown menu. The values of that menu are read from a database. Even when a value in that menu has a ' in it, the form can be submitted, and a variable getting this value through $_GET can be inserted into a database using the technique I pasted from the manual. The extra ' doesn't seem to bother MySQL for some reason.
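
The failure described in the post, next to a prepared statement that stores the same value, as an added example that is not part of the original post or the SitePoint manual. It assumes PHP with the pdo_sqlite extension; an in-memory SQLite database stands in for MySQL so it runs without a server, and the Jokes table layout and the two function names are assumptions.

```php
<?php
// Added example, not from the post or the SitePoint manual.
// Assumption: pdo_sqlite is available; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumed table layout; only JokeText and JokeDate appear in the post.
$pdo->exec('CREATE TABLE Jokes (ID INTEGER PRIMARY KEY, JokeText TEXT, JokeDate TEXT)');

// Constructed sample values; the first is the one from the post.
$samples = ["ab'cd", "it's a 'quoted' joke", "no quote here"];

// 1) Query built by string interpolation, as in the post.
function insertInterpolated(PDO $pdo, $joketext)
{
    try {
        $pdo->exec("INSERT INTO Jokes (JokeText, JokeDate)
                    VALUES ('$joketext', date('now'))");
        return 'ok';
    } catch (PDOException $e) {
        // The ' inside the value closed the string literal early.
        return 'error: ' . $e->getMessage();
    }
}

// 2) Prepared statement: the SQL text is fixed and the value is bound
//    separately, so a ' in the value is data and never parsed as SQL.
function insertPrepared(PDO $pdo, $joketext)
{
    $stmt = $pdo->prepare("INSERT INTO Jokes (JokeText, JokeDate)
                           VALUES (:joketext, date('now'))");
    $stmt->execute([':joketext' => $joketext]);
    // Read the row back to confirm the text was stored unchanged.
    $check = $pdo->prepare('SELECT JokeText FROM Jokes WHERE ID = ?');
    $check->execute([$pdo->lastInsertId()]);
    return $check->fetchColumn() === $joketext ? 'ok' : 'mismatch';
}

foreach ($samples as $s) {
    printf("%-22s interpolated: %s\n", $s, insertInterpolated($pdo, $s));
    printf("%-22s prepared:     %s\n", $s, insertPrepared($pdo, $s));
}
// Against MySQL only the DSN and the SQL text change, e.g.
// "INSERT INTO Jokes SET JokeText = :joketext, JokeDate = CURDATE()".
```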