Insert from textfield with '

I have some trouble everytime a person writes something with a " ’ " like 20’th… Then the record doesn’t go into the database…

How do I get passed this?

The form:

echo '<textarea id="box1" name="box1" rows=4 cols="66"></textarea>';

The insert part:

$news = $_POST['box1'];

mysql_query("INSERT INTO ".$prefix."_news (userid,news,newsdate) VALUES ('$userid','$news',NOW())");

Please help… Thanks in advance :wink:

  INSERT INTO ".$prefix."_news (userid,news,newsdate) 
    , '" . mysql_real_escape_string($news) . "'
    , NOW())

Assuming that $userid isn’t another value from the form. If it is, you must pass that through mysql_real_escape_string as well, to avoid SQL injection.

Thanks man… did the job :wink: